Surfboard httpd Malformed Request DoS

2003-12-01T07:01:17
ID OSVDB:2909
Type osvdb
Reporter OSVDB
Modified 2003-12-01T07:01:17

Description

Vulnerability Description

Surfboard httpd contains a flaw that may allow a remote denial of service. The issue is triggered when a client does not send a second line-feed, and will result in loss of availability for the service.

Solution Description

Upgrade to version 1.1.9 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Patch the 1.1.8 distribution with the code provided by Luigi Auriemma in the original advisory.

Short Description

Surfboard httpd contains a flaw that may allow a remote denial of service. The issue is triggered when a client does not send a second line-feed, and will result in loss of availability for the service.

Manual Testing Notes

Connect to the server with telnet or netcat and then close the connection (without sending data).

References:

Secunia Advisory ID:10327 Related OSVDB ID: 2883 Other Advisory URL: http://aluigi.altervista.org/adv/surfd-adv.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-11/0351.html ISS X-Force ID: 13885