DoS in MiniShare 1.3.2

From: Donato Ferrante (fdonato_at_autistici.org)
Date: 05/26/04

    Date: Wed, 26 May 2004 13:11:58 -0000
    To: <bugtraq@securityfocus.com>
    
    

                               Donato Ferrante

    Application: MiniShare
                  http://minishare.sourceforge.net/

    Version: 1.3.2

    Bug: Denial Of Service

    Date: 26-May-2004

    Author: Donato Ferrante
                  e-mail: fdonato@autistici.org
                  web: www.autistici.org/fdonato

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    1. Description
    2. The bug
    3. The code
    4. The fix

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ----------------
    1. Description:
    ----------------

    Vendor's description:

    "MiniShare is meant to serve anyone who has the need to share files
    to anyone, doesn't have a place to store the files on the web,
    and does not want or simply does not have the skill and possibility
    to set up and maintain a complete HTTP-server software such as Apache.
    The application is meant to be as easy to use as any common software
    most users use daily. However, this doesn't mean experienced users
    can't find it useful."

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ------------
    2. The bug:
    ------------

    The program fails to handle some user requests.
    It expects at least two newlines at the end of each request.
    So if you send the webserver a GET or HEAD request terminated by
    no newline or by only one, the webserver will crash.

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    -------------
    3. The code:
    -------------

    To test the vulnerability, send the webserver a request like:

    GET:

    1. GET /something HTTP/1.1
    -
    2. GET /something HTTP/1.1\n
    -

    HEAD:

    1. HEAD /something HTTP/1.1
    -
    2. HEAD /something HTTP/1.1\n
    -

    and the webserver will crash.

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ------------
    4. The fix:
    ------------

    Vendor was contacted.
    Bug will be fixed in the next version.

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
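An added example, not part of the original advisory and not MiniShare's code (the advisory does not show the faulty routine): one way a server can treat the request shapes from section 3 as incomplete input instead of assuming the two-newline terminator is present. The function names, the enum and the 8192-byte cap are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names and limit; none of this is taken from MiniShare. */
enum req_state { REQ_COMPLETE, REQ_INCOMPLETE, REQ_REJECT };
#define MAX_HEADER_BYTES 8192   /* assumed cap on request-header size */

/* Offset just past the blank line that ends the headers, or 0 if it has not
 * arrived. Accepts CRLF CRLF and bare LF LF; never reads past buf[len-1]. */
static size_t header_end(const char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (buf[i] != '\n')
            continue;
        if (i + 1 < len && buf[i + 1] == '\n')
            return i + 2;
        if (i + 2 < len && buf[i + 1] == '\r' && buf[i + 2] == '\n')
            return i + 3;
    }
    return 0;
}

/* Classify the bytes received so far. peer_closed is nonzero once recv()
 * returned 0 or the read timeout fired, i.e. no more data will come. */
enum req_state classify_request(const char *buf, size_t len, int peer_closed,
                                size_t *consumed)
{
    *consumed = header_end(buf, len);
    if (*consumed != 0)
        return REQ_COMPLETE;            /* safe to parse buf[0..consumed) */
    if (peer_closed || len >= MAX_HEADER_BYTES)
        return REQ_REJECT;              /* send 400 or drop; never parse */
    return REQ_INCOMPLETE;              /* keep reading under a timeout */
}

int main(void)
{
    /* Constructed samples: the two shapes from section 3 and a complete one. */
    const char *s[] = { "GET /something HTTP/1.1", "GET /something HTTP/1.1\n",
                        "GET /something HTTP/1.1\r\n\r\n" };
    const char *name[] = { "complete", "incomplete", "reject" };
    for (int i = 0; i < 3; i++) {
        size_t used;
        enum req_state st = classify_request(s[i], strlen(s[i]), 1, &used);
        printf("sample %d: %s\n", i, name[st]);
    }
    return 0;
}
```

The request line is parsed only after `REQ_COMPLETE`, so a request with zero or one newline ends in a timeout or a rejection rather than reaching the parser.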

