Re: Remote DoS in AnlaogX SimpleServer:www 1.16

[Auriemma Luigi <bugtest_at_sitoverde.com@localhost.localdomain>(by way of bugtest <bugtest () sitoverde com>)]

Hi, this mail is about the advisory posted by Fort and Foundstone for the
buffer-overflow in AnalogX SimpleServer v1.16.
If you send the chars for crash the server, it will continue to run and serve
other computers until the admin don't close the Windows'popup error message
(tested on Win9x).
So I have attached a simple proof-of-concept that not only crash the server,
but it rewrite the EIP with the address of WSACleanup() function, so ALL the
connections will be closed and nobody can use the server until it is not
closed and restarted.

BYEZ

Attachment: http.tgz
Description: Simple exploit code