mailing list archives
Re: Remote DoS in AnlaogX SimpleServer:www 1.16
From: Auriemma Luigi <bugtest_at_sitoverde.com () localhost localdomain>(by way of bugtest <bugtest () sitoverde com>)
Date: Tue, 2 Jul 2002 19:46:04 +0000
Hi, this mail is about the advisory posted by Fort and Foundstone for the
buffer-overflow in AnalogX SimpleServer v1.16.
If you send the chars for crash the server, it will continue to run and serve
other computers until the admin don't close the Windows'popup error message
(tested on Win9x).
So I have attached a simple proof-of-concept that not only crash the server,
but it rewrite the EIP with the address of WSACleanup() function, so ALL the
connections will be closed and nobody can use the server until it is not
closed and restarted.
Description: Simple exploit code
- Re: Remote DoS in AnlaogX SimpleServer:www 1.16 Auriemma Luigi (Jul 02)