[NEWS] LabVIEW Web Server DoS Vulnerability
From: support@securiteam.com
Date: 04/25/02
From: support@securiteam.com To: list@securiteam.com Date: Thu, 25 Apr 2002 09:25:58 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
LabVIEW Web Server DoS Vulnerability
------------------------------------------------------------------------
SUMMARY
The <http://sine.ni.com/apps/we/nioc.vp?cid=1381&lang=US> LabVIEW
application is an integrated development system for creating LabVIEW
programs, which are called Virtual Instruments or VIs. The LabVIEW
application can run, or host, VIs in its own environment. The LabVIEW
application can also host its own Internet servers, including an HTTP or
Web server. LabVIEW also has extensive libraries to interface with
real-world test and measurement equipment, as well as mechanical motion
control and process control equipment.
When the malformed HTTP request described below is received by the LabVIEW
Web Server, the entire LabVIEW application crashes, including the Web
Server, and any other LabVIEW programs, or VIs, that are running in the
application environment. This amounts to a Denial of Service attack, not
only on the web server itself, but also on any processes hosted in the
LabVIEW application. LabVIEW VIs performing real-world processes could be
interrupted by this type of attack.
DETAILS
Vulnerable systems:
LabVIEW Web Server versions 5.1.1 - 6.1
Exploit:
The LabVIEW Web Server crashes when it processes the following malformed
HTTP request:
GET\s/\sHTTP/1.0\n\n
This request is malformed because RFC 1945 for HTTP 1.0 specifies that
header lines should be separated by CRLF (\r\n), not just LF (\n) as shown
here. The header should be ended by two adjacent CRLF sequences. However,
a server should not crash when it processes this sequence.
The server crashes only when the Web Server logging is enabled.
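The line-ending distinction described above can be checked on raw request bytes before they reach a parser or a log writer. The following is an added example, not code from the advisory or from National Instruments; the function name, the returned fields and the size caps are assumptions chosen for illustration.

```python
import re

MAX_HEAD = 8192  # assumed cap on how much of the request head is inspected

# Request-Line per RFC 1945: Method SP Request-URI SP HTTP-Version
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/(\d+)\.(\d+)$")


def classify_request_head(raw: bytes) -> dict:
    """Classify the line endings of a raw HTTP request head.

    endings:      "crlf", "bare-lf", "mixed" or "none"
    complete:     True if a blank line ending the head was found
    request_line: (method, target, version) or None if unparseable
    log_safe:     bounded rendering of the first line with control bytes escaped
    """
    head = raw[:MAX_HEAD]
    # Accept a blank line under either convention as the end of the head.
    end = re.search(rb"\r?\n\r?\n", head)
    if end:
        head = head[:end.end()]
    crlf = head.count(b"\r\n")
    bare_lf = head.count(b"\n") - crlf
    if crlf and bare_lf:
        endings = "mixed"
    elif bare_lf:
        endings = "bare-lf"
    elif crlf:
        endings = "crlf"
    else:
        endings = "none"
    first = re.split(rb"\r?\n", head, maxsplit=1)[0]
    m = REQUEST_LINE.match(first)
    request_line = None
    if m:
        request_line = (m.group(1).decode(), m.group(2).decode("latin-1"),
                        f"{int(m.group(3))}.{int(m.group(4))}")
    # Never hand raw CR/LF or other control bytes to the log writer.
    log_safe = first[:256].decode("latin-1").encode("unicode_escape").decode("ascii")
    return {"endings": endings, "complete": end is not None,
            "request_line": request_line, "log_safe": log_safe}


if __name__ == "__main__":
    # Constructed inputs: the LF-only request from the advisory and its CRLF form.
    for sample in (b"GET / HTTP/1.0\n\n", b"GET / HTTP/1.0\r\n\r\n"):
        print(classify_request_head(sample))
```

A front-end proxy or sensor can use the `endings` field to reject or normalise LF-only requests and write only `log_safe` to its own log.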
Vendor response:
National Instruments has confirmed this exploit and has published a
response in their
<http://digital.ni.com/public.nsf/websearch/4C3F86E655E5389886256BA00064B22F> KnowledgeBase. This states that the crash will occur only when web server logging is enabled.
While this is demonstrably a Denial of Service vulnerability, it might
also be exploitable with a buffer overflow attack.
ADDITIONAL INFORMATION
The information has been provided by <mailto:steve@iLabVIEW.com> Steve
Zins.