Bugtraq mailing list archives

Re: ZBServer Pro DoS Vulnerability

From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 15 Jan 2002 20:33:56 -0500 (EST)


Tamer Sahin <ts () securityoffice net> said:

Server crashes after sending very long URL a few times.

http://host/AAAAAAAAA...(Ax2500)...AAA

Tested:
Windows 2000 / ZBServer Pro 1.50-r13


It appears that this problem was originally publicized on December 23,
1999.  It was reported by USSR to Bugtraq and NTBugtraq in a post
titled "Local / Remote GET Buffer Overflow Vulnerability in ZBServer
1.5" (CVE: CVE-2000-0002).  USSR was unable to get a response from the
vendor.

devix posted a followup stating that the vendor had been notified
about the problem in 1997.

Dark Spyrit later posted an exploit to Bugtraq which appears to
execute arbitrary code, not just cause a DoS.

A search for "ZBServer" on various well-known vulnerability
repositories produced the following references (note: URLs may be
wrapped):

  http://www.securityfocus.com/archive/1/39597
  http://www.securityfocus.com/archive/1/39654
  http://www.securityfocus.com/archive/1/44126
  http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0002
  http://www.securityfocus.com/bid/889
  http://xforce.iss.net/static/3809.php

A search for "ZBServer" on both AltaVista and Google includes
references to the Bugtraq posts on the first page.

Vendor links:

  http://www.zbserver.com/zbserver/index.html
    (the 1997 copyright date might indicate why the problem has not
     been fixed)
  http://www.zbsoft.com/zbserver/support.html


- Steve

Current thread:

ZBServer Pro DoS Vulnerability Tamer Sahin (Jan 15)
- <Possible follow-ups>
- Re: ZBServer Pro DoS Vulnerability Steven M. Christey (Jan 16)