[VulnWatch] Denial of Service vulnerability in VisNetic Website

From: Peter Kruse (kruse@krusesecurity.dk)
Date: 12/11/02

    From: "Peter Kruse" <kruse@krusesecurity.dk>
    To: <vulnwatch@vulnwatch.org>
    Date: Wed, 11 Dec 2002 23:28:19 +0100
    
    

    Name: VisNetic WebSite Denial of Service
    Date: 12th of December 2002
    Software affected: VisNetic WebSite 3.5.13.1
                       (prior versions are vulnerable)
    Advisory: http://www.krusesecurity.dk/advisories/vis0102.txt
    Risk: Medium

    Legal Notice:

    This Advisory is copyright by Peter Kruse. You may distribute
    this unmodified.

    Disclaimer:

    The opinions expressed in this advisory are my own and not that
    of any company. The usual standard disclaimer applies, especially
    the fact that Peter Kruse or Kruse Security is not liable for
    any damages caused by direct or indirect use of the information
    or functionality provided by this advisory or program.

    Vendor Description:

    VisNetic Website, the first web server developed specifically for
    Windows, can use almost any development platform, and includes
    features that allow web developers to create powerful, flexible
    web sites. VisNetic WebSite is a secure Windows-based web server
    that supports multiple domains, and allows TLS/SSL secured
    domains. This web server also includes support for a user
    database that can restrict access to content, and is immune to
    many of the security issues that may arise with other popular
    web servers.

    Problem:

    During a trial installation of the Visnetic website package I
    discovered a bug in the software that would crash the server on
    handling special long-sized URLs. The server is subject to a
    Denial of Service attack. The weakness could allow a malicious
    attacker to send an oversized packet to the server which will
    effect a Denial of Service to the application.

    Description:

    The flaw can be exploited with the /OPTIONS. With an "OPTIONS
    /AAAAAAA.HTML" approx. 5001 A's you can send data to the
    webserver and crash the application. The server will crash with
    an instruction (write) fault at 0x00417d54 pointing to
    0x41414141 in the httpd32.exe application. This weakness has
    been verified by testing against the latest website software from
    Deerfield (v3.5.13.1).

    It should be noted that an attack will still be caught in the log
    file for inspection by a company attacked by this long URL.

    Credit:

    I would like to thank Deerfield for quick and very professional
    handling of the reported issue. An update has been released and
    can be downloaded from Deerfield's web site at:

    http://www.deerfield.com/download/visnetic_website/

    The update can also be downloaded from the Visnetic WebSite
    administration console, support tab, check for updates (at the
    bottom of the tab).

    Kind regards

    Peter Kruse
    Kruse Security
    http://www.krusesecurity.dk
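
The advisory notes that the long URL is still recorded in the server log. The following script is an added example, not part of the original advisory or of Deerfield's software: it scans an access log for oversized request URIs of the kind described. It assumes Common Log Format and a 2048-byte threshold; the sample entries, addresses and timestamps are constructed.

```python
import re
from collections import Counter

# Assumption: Common Log Format; change the pattern for other log layouts.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>.*)" (?P<status>\d{3}|-) (?P<size>\d+|-)$'
)
MAX_URI = 2048  # assumed threshold, well under the ~5001 bytes in the advisory

# Constructed sample entries (documentation addresses, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Dec/2002:22:01:07 +0100] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - - [11/Dec/2002:22:01:09 +0100] "OPTIONS / HTTP/1.0" 200 0',
    '198.51.100.7 - - [11/Dec/2002:22:03:41 +0100] "OPTIONS /'
    + "A" * 5001 + '.HTML HTTP/1.0" - -',
    # Entry cut off before the closing quote, as after an abrupt server stop.
    '198.51.100.7 - - [11/Dec/2002:22:03:50 +0100] "GET /' + "A" * 5001,
]

def filler_ratio(text):
    """Share of the text made up of its single most frequent character."""
    return Counter(text).most_common(1)[0][1] / len(text) if text else 0.0

def scan(lines, max_uri=MAX_URI):
    """Return one finding per log entry that carries an oversized request."""
    findings = []
    for number, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        match = CLF.match(line)
        if match is None:
            # A long entry that no longer parses is still worth a look.
            if len(line) > max_uri:
                findings.append({"line": number, "ip": line.split(" ", 1)[0],
                                 "method": None, "uri_len": None,
                                 "reason": "unparseable-long-line"})
            continue
        method, _, rest = match["req"].partition(" ")
        uri = rest.rsplit(" ", 1)[0] if " " in rest else rest
        if len(uri) <= max_uri:
            continue
        repeated = filler_ratio(uri) > 0.9  # one character dominates the URI
        findings.append({"line": number, "ip": match["ip"], "method": method,
                         "uri_len": len(uri),
                         "reason": "oversized-uri-filler" if repeated else "oversized-uri"})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```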


