DOS Vulnerability in SlimServe HTTPd
Overview
SlimServe HTTPd v1.0 is a web server available from http://www.whitsoftdev.com
and http://www.download.com. A DOS vulnerability exists which allows a
remote
attacker to crash the server.
Details
If an extraoridinarily long string of 'A's is sent to the server in a GET
request, the server crashes with the following dump:
SLIMHTTP caused an invalid page fault in
module SLIMHTTP.EXE at 017f:004021db.
Registers:
EAX=ffffffff CS=017f EIP=004021db EFLGS=00010286
EBX=00412794 SS=0187 ESP=00eafa1c EBP=000400a4
ECX=8173ac0c DS=0187 ESI=00eb0000 FS=228f
EDX=8173ac14 ES=0187 EDI=00000068 GS=0000
Bytes at CS:EIP:
8a 06 3c 0d 75 05 c6 06 00 eb 04 3c 0a 74 1a 66
Stack dump:
00eafe99 00eafd5d 00000000 0000000f
00000000 00000001 00000068 00000000
00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000
Solution
No quick fix is possible.
Vendor Status
WhitSoft Development was contacted via <[EMAIL PROTECTED]> on
Sunday, January 28, 2001. This was the response I received:
> I appreciate your taking the time to alert me to the presence of this
bug.
> However, I can't do anything to fix it right now, as I have no time for
> programming.
>
> Matt Whitlock
- Joe Testa ( [EMAIL PROTECTED] )