[NT] AdvServer Denial of Service Attack

From: support@securiteam.com
Date: 06/23/02 

From: support@securiteam.com
To: list@securiteam.com
Date: Sun, 23 Jun 2002 21:21:01 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  AdvServer Denial of Service Attack
------------------------------------------------------------------------

SUMMARY

 <http://gamecheats.ws/> AdvServer is all you need for your web hosting
needs, if you want a fast ,reliable ,and robust http web server then
AdvServer is perfect for you. A DoS condition exists in AdvServer that can
render the server unresponsive to further connections.

DETAILS

Vulnerable systems:
AdvServer version 1.03

Immune systems:
AdvServer version 1.04

Connecting to AdvServer and sending a single CRLF sequence causes a page
fault in advserver.exe. At this point, the server still accepts new
connections. If this action is repeated around another 100 times the
server stops accepting new connections.

Vendor status:
Vendor was contacted on 30 May 02 via email and website. Initial response
was:
"your the first person with this problem that has contacted me, but I am
currently working on another project sorry".

On 08.06.02 vendor was sent a copy of this advisory, packet dumps of the
DoS as well as PoC code and two weeks to respond with a reasonable
schedule for a fix before this information would be made public.

After further emails vendor stated:
"the parsing module is being rebuilt, by June 17, 2002 version 1.04 will
have the new module fix"

As of release date, no fixed version is available from vendor's website
and vendor has become unresponsive to further attempts at communication.

ADDITIONAL INFORMATION

The information has been provided by <mailto:elaborateruse@trust-me.com>
elaborate ruse.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.