Re: Denial of Service in Xitami webserver all versions...

[marc () EEYE COM (Marc)]

Xitami also has an overflow in one of the default example CGI programs that
it comes with.

http://server.com/cgi-bin/TESTCGI.EXE bla bla bla overflow argv fun.

Signed,
Marc
eEye Digital Security
http://www.eEye.com

"Its a bullshit, three ring, circus sideshow. The only way to fix it is to
flush it all away."

 -----Original Message-----
| From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of
| Simon
| Sent: Tuesday, April 04, 2000 12:52 PM
| To: VULN-DEV () SECURITYFOCUS COM
| Subject: Re: Denial of Service in Xitami webserver all versions...
|
|
| -----BEGIN PGP SIGNED MESSAGE-----
| Hash: SHA1
|
| VULN-DEV, how-do-you-do!
|
|        I received a response from IMATIX after forwarding the posts from
|        VULN-DEV re remotely crashing Xitami webserver by sending
| simple GET
|        command. They immediately released 2.4d7 with fix. Also, they have
|        said that they will now change default install behaviour
| of Xitami to
|        not allow anon FTP logins.
|
|
|       --
|
|       Slán anois,
|
|       Síomón Breathnach
|
|
|          Obiter dictum: Entia non sunt multiplicanda praeter necessitatem.
|
|
| *------------------------------>>><><<<------------------------------*
|
|                                 How To Get In Touch
|                              v===v===v===v===v===v===v
|                        Send Email To: simon () infowizard co uk
|                         Fax & Voicemail: 01792 540900 (+44)
|
|                                 Pretty Good Privacy
|                              v===v===v===v===v===v===v
|                               PGP: http://www.pgp.com
|               Public Key: http://www.netbanger.com/pgp/pubkey.shtml
|                        Key Server: ldap://certserver.pgp.com
|
|                                  Very Useful Links
|                              v===v===v===v===v===v===v
|                The Bat!: http://www.ritlabs.com/the_bat/index.html
|                           Notetab: http://www.notetab.com
|
|
| *------------------------------>>><><<<------------------------------*
|
|
| >>Anyone can remotely crash Xitami webserver by sending simple GET
| >>command. On remote side will be:
| >>
| >>Assertion Failed!
| >>Module: D:\Imatix\Develop\Smt\Smthttpl.c , line 745
| >>
| >>All you need to do is just telnet to remote computer and execute
| >>GET<space><enter><enter> command. Also Xitami will crash if
| you'll execute
| >>POST<space><enter><enter> or HEAD<space><enter><enter> command.
| >>
| >>
| >>There is another DoS in Xitami. By default installation Xitami
| >>allows anonymous users on ftp. So connect to remote computer as
| >>anonymous user and execute cd con/con command.
| >>-----------------------------
| >>
| >>romanv () citycat ru
| >
| >Tried to bring it down from a remote account which failed, got std http
| >error msg back.
| >Version Xitami 2.4d1 on Winx, set up for this one on http 8080, without
| >authorisation or ipmasks.
| >
| >Are you sure it ain't because you used a beta version?
| >Or did you test some previous versions as well?
| >Is it in the console or the std. version?
| >Did you compile it yourself or did you get a precompiled version?
| >
| >
| >Questions, questions...
| >
| >Cheers, Mitch.
|
| -----BEGIN PGP SIGNATURE-----
| Version: PGP 6.5i
| Comment: Privacy is freedom. Protect your freedom with PGP.
|
| iQA/AwUBOOpHxctub/5cfolmEQIpxgCg6s4xL6BxSHg6d1bwacBlFTb7dqAAn3rQ
| QH+S43I03/WV3n5rHJVcgbcO
| =eyM3
| -----END PGP SIGNATURE-----
|