Re: Denial of Service in Xitami webserver all versions up to v2.5b1 for Windows.

[security () QUARK-XIII DEMON NL (Mitch)]

At 19:37 29-03-2000 , you wrote:
> Anyone can remotely crash Xitami webserver by sending simple GET
> command. On remote side will be:
>
> Assertion Failed!
> Module: D:\Imatix\Develop\Smt\Smthttpl.c , line 745
>
> All you need to do is just telnet to remote computer and execute
> GET<space><enter><enter> command. Also Xitami will crash if you'll execute
> POST<space><enter><enter> or HEAD<space><enter><enter> command.
>
>
> There is another DoS in Xitami. By default installation Xitami
> allows anonymous users on ftp. So connect to remote computer as
> anonymous user and execute cd con/con command.
> -----------------------------
>
> romanv () citycat ru

Tried to bring it down from a remote account which failed, got std http
error msg back.
Version Xitami 2.4d1 on Winx, set up for this one on http 8080, without
authorisation or ipmasks.

Are you sure it ain't because you used a beta version?
Or did you test some previous versions as well?
Is it in the console or the std. version?
Did you compile it yourself or did you get a precompiled version?

Questions, questions...

Cheers, Mitch.