Home page logo
/

bugtraq logo Bugtraq mailing list archives

AdvServer DoS
From: "elaborate ruse" <elaborateruse () trust-me com>
Date: Fri, 21 Jun 2002 14:22:53 -0500


 Title: AdvServer DoS
 Date:  21.06.02
 Author:        elab (http://elaboration.8bit.co.uk)
 Software:      AdvServer
 Platform:      Win32
 Tested:        Version 1.030000
 Vendor:        WWW:            http://gamecheats.ws
        Contacted on:   30 May 02
        Via:            tassadar () mail com && website
        Response:       Within 2 days

 
 WARNING:       This advisory has NOTHING to do with the Microsoft webserver of
                a similar name.



 Summary:       
                From vendor's website (http://gamecheats.ws):

                        "AdvServer is all you need for your web hosting
                        needs, if you want a fast ,reliable ,and robust
                        http web server then AdvServer is perfect for
                        you. AdvServer Multithreading system allows
                        you to handle insane amounts of web traffic.
                        Smart PreCache system that loads frequently
                        used files in to memory ,allowing for lightning fast
                        server responces. Custom Api system so you
                        are able to create library modules that increase
                        the functionality of your website. AdvServer fully
                        supports CGI applications such as Perl or PHP.
                        Best of all AdvServer setup screen makes
                        customization a breeze. Download AdvServer
                        Today its free!"
 
                A DoS condition exists in AdvServer which can render the server
                unresponsive to further connections.

 Details:
                Connecting to AdvServer and sending a single CRLF sequence
                causes a page fault in advserver.exe.  At this point the
                server still accepts new connections.  If this action is
                repeated around another 100 times the server stops accepting new
                connections.

                The version tested and found to be vulnerable was 1.030000.

                The platform tested on was Microsoft Windows 98SE.

 History:
                Searches at securityfocus archives revealed no previous postings
                about this product yet a google search shows multiple download
                locations.

 Vendor:
                Vendor was contacted on 30 May 02 via email and website.
                Initial response was:

                "your the first person with this problem that has contacted
                 me, but im currently working on another project sorry".
                
                On 08.06.02 vendor was sent a copy of this advisory, packet
                dumps of the DoS as well as PoC code and two weeks to respond
                with a reasonable schedule for a fix before this information 
                would be made public.

                After further emails vendor stated:

                "the parsing module is being rebuilt, by june 17, 2002 version 
                 1.04 will have the new module fix"

                As of release date no fixed version is available from vendor's
                website and vendor has become unresponsive to further attempts
                at communication.
                
                Also CC'ed a copy of this advisory.
                
 Workaround:
                Use a non-development stage web server for your hosting.
                
 Notes: 
                In tests it took exactly 96 sockets and CRLF writes to crash
                the server (46 if you do it through localhost).  The sockets
                did not need to be kept open and were sequential as opposed to
                parallel.

                It seems that various non HTTP conformant data can crash the 
                server - a single CRLF per connection just seemed easiest.

                This advisory is also available from:
                http://elaboration.8bit.co.uk/projects/texts/advisories/AdvServer.DoS.txt
                
        






_____________________________________________
Free email with personality! Over 200 domains!
http://www.MyOwnEmail.com

Attachment: ACF1848.txt
Description: ACF1848.txt


  By Date           By Thread  

Current thread:
  • AdvServer DoS elaborate ruse (Jun 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]