KPMG-2002028: Sitespring Server Denial of Service

[Peter Gründl <pgrundl () kpmg dk>]

--------------------------------------------------------------------

Title: Sitespring Server Denial of Service

BUG-ID: 2002028
Released: 01st Jul 2002
--------------------------------------------------------------------

Problem:
========
A malicious user with access to the Sitespring database engine port
can crash both the runtime database engine and the Sitespring web
service.


Vulnerable:
===========
- Sitespring 1.2.0(277.1) using Sybase runtime engine v7.0.2.1480


Details:
========
If the sybase database engine receives 1077 x chr(2) + \r\n\r\n it
crashes. The web service will crash shortly after the database
engine stops.


Vendor URL:
===========
You can visit the vendor webpage here: http://www.macromedia.com


Vendor Response:
================
This was reported to the vendor on the 16th of April, 2002. There
is currently no scheduled patch for this vulnerability. Vendor
support for Sitespring is planned to end May, 2004.


Corrective action:
==================
Apply IP filtering to the Sitespring server, so only the local host
is allowed to connect to TCP port 2500.

On Win2000 or WinXP this can be done using the built-in IP filter
functionality.



Author: Peter Gründl (pgrundl () kpmg dk)

--------------------------------------------------------------------
KPMG is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to
the professional security community. In no event shall KPMG be lia-
ble for any consequences whatsoever arising out of or in connection
with the use or spread of this information.
--------------------------------------------------------------------