Full Disclosure mailing list archives
Re: MyServer 0.4.3 Denial Of Service
From: "badpack3t" <badpack3t () security-protocols com>
Date: Tue, 9 Sep 2003 12:09:31 -0400 (EDT)
Read my advisory just a little bit closer. Those you mention below are for 0.4.1 and 0.4.2. The issue I found is much different, and is on version 0.4.3. -badpack3t www.security-protocols.com
ummm... is this a redux? http://exploitlabs.com/files/advisories/EXPL-A-2003-012-myServer.txt July 5 2003 and http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-07/0047.html and http://lists.insecure.org/lists/bugtraq/2003/Jun/0181.html June 21 2003 unless you have got a remote shell or other compromize, this is a known issue Donnie Werner http://exploitlabs.com ----- Original Message ----- From: "badpack3t" <badpack3t () security-protocols com> To: <badpack3t () security-protocols com> Sent: Monday, September 08, 2003 1:29 PM Subject: [Full-disclosure] MyServer 0.4.3 Denial Of ServiceSP Research Labs Advisory x06 --------------------------------- www.security-protocols.com MyServer 0.4.3 Denial of Service --------------------------------- Download it here: http://myserverweb.sourceforge.net Date Released - 09/08/2003 ------------------------------------ Product Description from the vendor: MyServer is a free and easy to configure web server. MyServer is licensed under the GNU General Public License (GPL). See the license page for additional info. MyServer is in continuous development and new features will be present in future releases. Go here to see the latest news from the MyServer project. It is available for windows and linux platforms. MyServer's principal goal is to create a free and simple powerful server to allow everyone to transform his home PC in a server and be you own webmaster with few clicks and share information easily with all the world! It is a multithread application that support multiprocessor machines, in this way can be appreciated for professional uses too. --------------------------- Vulnerability Description: A denial of service (could possibly be exploitable) vulnerability exists within MyServer 0.4.3. 2.2.10.0. Please see the exploit code for the malicious payload as it is to large to post within the email. Once the malicious payload has been sent, the web server will crash giving a runtime error. If you have found out that this is indeed exploitable, please send me an email if you don't mind. Advisory Link: http://www.security-protocols.com/article.php?sid=1596&mode=thread&order=0 Tested on: Windows XP Pro SP1 Windows 2000 SP3 ---------------------------- Download the exploit here: http://fux0r.phathookups.com/coding/c++/sp-myserver.c peace out, ---------------------------- badpack3t founder www.security-protocols.com ---------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MyServer 0.4.3 Denial Of Service badpack3t (Sep 08)
- Re: MyServer 0.4.3 Denial Of Service morning_wood (Sep 08)
- Re: MyServer 0.4.3 Denial Of Service badpack3t (Sep 09)
- Re: MyServer 0.4.3 Denial Of Service morning_wood (Sep 08)