Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Remote DoS in AnlaogX SimpleServer:www 1.16
From: Auriemma Luigi <bugtest_at_sitoverde.com () localhost localdomain>(by way of bugtest <bugtest () sitoverde com>)
Date: Tue, 2 Jul 2002 19:46:04 +0000

Hi, this mail is about the advisory posted by Fort and Foundstone for the
buffer-overflow in AnalogX SimpleServer v1.16.
If you send the chars for crash the server, it will continue to run and serve
other computers until the admin don't close the Windows'popup error message
(tested on Win9x).
So I have attached a simple proof-of-concept that not only crash the server,
but it rewrite the EIP with the address of WSACleanup() function, so ALL the
connections will be closed and nobody can use the server until it is not
closed and restarted.


Attachment: http.tgz
Description: Simple exploit code

  By Date           By Thread  

Current thread:
  • Re: Remote DoS in AnlaogX SimpleServer:www 1.16 Auriemma Luigi (Jul 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]