ummm... is this a redux?

http://exploitlabs.com/files/advisories/EXPL-A-2003-012-myServer.txt
July 5 2003

and
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-07/0047.html

and
http://lists.insecure.org/lists/bugtraq/2003/Jun/0181.html
June 21 2003

unless you have got a remote shell or other compromise, this is a known issue

Donnie Werner
http://exploitlabs.com

----- Original Message -----
From: "badpack3t" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, September 08, 2003 1:29 PM
Subject: [Full-Disclosure] MyServer 0.4.3 Denial Of Service

> SP Research Labs Advisory x06
> ---------------------------------
> www.security-protocols.com
>
> MyServer 0.4.3 Denial of Service
> ---------------------------------
>
> Download it here:
> http://myserverweb.sourceforge.net
>
> Date Released - 09/08/2003
>
> ------------------------------------
> Product Description from the vendor:
> MyServer is a free and easy to configure web server. MyServer is licensed
> under the GNU General Public License (GPL). See the license page for
> additional info. MyServer is in continuous development and new features
> will be present in future releases. Go here to see the latest news from
> the MyServer project. It is available for windows and linux platforms.
> MyServer's principal goal is to create a free and simple powerful server
> to allow everyone to transform his home PC in a server and be you own
> webmaster with few clicks and share information easily with all the world!
> It is a multithread application that support multiprocessor machines, in
> this way can be appreciated for professional uses too.
>
> ---------------------------
> Vulnerability Description:
>
> A denial of service (could possibly be exploitable) vulnerability exists
> within MyServer 0.4.3.
>
> 2.2.10.0. Please see the exploit code for the malicious payload as it is
> too large to post within the email. Once the malicious payload has been
> sent, the web server will crash giving a runtime error. If you have found
> out that this is indeed exploitable, please send me an email if you don't
> mind.
>
> Advisory Link:
>
> http://www.security-protocols.com/article.php?sid=1596&mode=thread&order=0
>
> Tested on:
>
> Windows XP Pro SP1
> Windows 2000 SP3
>
> ----------------------------
> Download the exploit here:
>
> http://fux0r.phathookups.com/coding/c++/sp-myserver.c
>
> peace out,
>
> ----------------------------
> badpack3t
> founder
> www.security-protocols.com
> ----------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
