[NT] VisNetic WebSite Denial of Service
From: support@securiteam.com
Date: 12/12/02
- Previous message: support@securiteam.com: "[NT] PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability (Windows)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: 12 Dec 2002 10:40:07 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
Beyond Security would like to welcome Tiscali World Online
to our service provider team.
For more info on their service offering IP-Secure,
please visit http://www.worldonline.co.za/services/work_ip.asp
- - - - - - - - -
VisNetic WebSite Denial of Service
------------------------------------------------------------------------
SUMMARY
<http://www.deerfield.com/download/visnetic_website/> VisNetic Website,
the first web server developed specifically for Windows, can use almost
any development platform, and includes features that allow web developers
to create powerful, flexible web sites. VisNetic WebSite is a secure
Windows-based web server that supports multiple domains, and allows
TLS/SSL secured domains. This web server also includes support for a user
database that can restrict access to content, and is immune to many of the
security issues that may arise with other popular web servers. A
vulnerability in the product allows remote attackers to overflow an
internal buffer.
DETAILS
Vulnerable systems:
* VisNetic WebSite version 3.5.13.1
Immune systems:
* VisNetic Website version 3.5.15
During a trial installation of the VisNetic website package Peter
discovered a bug in the software that would crash the server on handling
special long sized URLs. The server is subject to a Denial of Service
attack. The weakness could allow a malicious attacker to send an oversized
packet to the server which will cause a Denial of Service to the
application.
Description:
The flaw can be exploited with the /OPTIONS. With a "OPTIONS
/AAAAAAA.HTML" approx. 5001 A's you can send data to the web server and
crash the application. The server will crash with an instruction (write)
fault at 0x00417d54 pointing to 0x41414141 in the httpd32.exe application.
This weakness has been verified by testing against the latest website
software from Deerfield (v3.5.13.1).
It should be noted that an attack will still be caught in the log file for
inspection by a company attacked by this long URL.
Solution:
Update your VisNetic Website to version 3.5.15. An update has been
released and can be downloaded from Deerfield's web site at:
<http://www.deerfield.com/download/visnetic_website/>
http://www.deerfield.com/download/visnetic_website/
The update can also be downloaded from the VisNetic WebSite administration
console, support tab, check for updates (at the bottom of the tab).
ADDITIONAL INFORMATION
The original advisory can be found at:
<http://www.krusesecurity.dk/advisories/vis0102.txt>
http://www.krusesecurity.dk/advisories/vis0102.txt
The information has been provided by <mailto:kruse@krusesecurity.dk>
Peter Kruse.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Next message: support@securiteam.com: "[NT] Flaw in Microsoft VM Could Enable System Compromise"
- Previous message: support@securiteam.com: "[NT] PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability (Windows)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
