Bugtraq mailing list archives

Dino's Webserver v1.2 DoS, possible overflow


From: "'ken'@FTU" <ken_at_ftu () yahoo com>
Date: Mon, 18 Feb 2002 13:07:49 -0500

Dino's WebServer v1.2 is vulnerable to a Denial of Service attack with a
possible buffer overflow or heap overflow.

Explanation:
Given a series of requests the server will hang at 99% CPU. To Dino's
(actually, Anders G. Jensen) credit, the priority is low enough that
other programs appear to be taxed little by the CPU usage. The server
cannot handle other requests and must be restarted. The server does not
appear to recover automatically: after 10 minutes of my CPU running at
almost 100%, I killed the program.

It is my belief that the server may have a heap or buffer overflow.
Usually the server handles long path names without problem, or so it
seems. Dino's WebServer has a feature that allows the user to see the
GET requests as they present themselves. The software contains a Log tag
with a window. Almost every GET request is copied into this window.
Since the application copies the request string the possibility exists
that this copying leads to an overflow, and also the hang.

Tested on:
Windows 2000 Pro SP1
Windows NT4.0 Work SP6  (clean install)

Exploit:
Please read carefully:
The server does *not* hang if one sends a *single* request as follows:

GET /<60,000 A's> HTTP/1.0

The server *will* hang if this request is sent at least twice within the
period of 1 or 2 seconds.

I've played with smaller buffer sizes with mixed results.

Dino was not contacted. (I could not find an email address.)


'ken'@FTU


--
"I grew convinced that truth, sincerity and integrity in dealings between man and man were of the utmost importance to the felicity of life, and I formed a written resolution to practise them ever while I lived."
        -Benjamin Franklin, The Autobiography of Benjamin Franklin
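
Added example, not part of the original post: a detection sketch for the trigger condition described above (two or more oversized GET requests reaching the server within about 2 seconds). The record format, the 8192-byte threshold and all sample data are assumptions constructed for illustration.

```python
from collections import deque

# Assumed threshold: the post used ~60,000 bytes and reports mixed
# results with smaller sizes, so alert well below that.
MAX_REQUEST_LINE = 8192
WINDOW_SECONDS = 2.0   # post: hang needs a repeat "within 1 or 2 seconds"
MIN_HITS = 2           # post: a single request does not hang the server


def oversized(request_line, limit=MAX_REQUEST_LINE):
    """True for a GET whose request line is longer than the limit."""
    return request_line.startswith("GET ") and len(request_line) > limit


def find_bursts(records, window=WINDOW_SECONDS, min_hits=MIN_HITS):
    """records: iterable of (epoch_seconds, source_ip, request_line).

    Returns one alert per oversized request that arrives while at least
    min_hits oversized requests (from any source) sit inside the window.
    """
    recent = deque()  # (ts, src) of oversized requests still in the window
    alerts = []
    for ts, src, line in sorted(records, key=lambda r: r[0]):
        if not oversized(line):
            continue
        recent.append((ts, src))
        while ts - recent[0][0] > window:
            recent.popleft()
        if len(recent) >= min_hits:
            alerts.append({
                "start": recent[0][0],
                "end": ts,
                "count": len(recent),
                "sources": sorted({s for _, s in recent}),
            })
    return alerts


# Constructed sample records (documentation address ranges).
LONG = "GET /" + "A" * 60000 + " HTTP/1.0"
SAMPLE = [
    (100.0, "192.0.2.10", "GET /index.html HTTP/1.0"),
    (101.0, "192.0.2.10", LONG),      # lone oversized request: no alert
    (200.0, "192.0.2.10", LONG),
    (201.2, "198.51.100.7", LONG),    # second one 1.2 s later: alert
    (300.0, "192.0.2.10", "GET /" + "A" * 100 + " HTTP/1.0"),
]

if __name__ == "__main__":
    for alert in find_bursts(SAMPLE):
        print(alert)
```

The window is tracked per server rather than per source, because the post does not say the two requests have to come from the same client.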

