Big Sam bigsam_guestbook.php DoS

2002-03-18T23:13:20
ID OSVDB:5288
Type osvdb
Reporter Ahmet Sabri ALPER (s_alper@hotmail.com)
Modified 2002-03-18T23:13:20

Description

Vulnerability Description

BigSam contains a flaw that may allow a remote denial of service or information leakage. The issue is triggered when the guestbook PHP script receives a very large number, and results in resources being consumed on the system.

Solution Description

Upgrade to version 1.1.09 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

BigSam contains a flaw that may allow a remote denial of service or information leakage. The issue is triggered when the guestbook PHP script receives a very large number, and results in resources being consumed on the system.

Manual Testing Notes

The flaw can be demonstrated with the following URL, which will start consuming resources on the server: http://[victim]/bigsam_guestbook.php?displayBegin=9999...9999
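The root cause described above is a query parameter used as a counter without any bounds check. The following PHP is an added illustration, not BigSam's own code: it shows how a displayBegin value should be validated and clamped before it drives any loop or file read. The parameter name displayBegin comes from the advisory; the entry list, PAGE_SIZE and safeDisplayBegin are assumptions made for the example.

```php
<?php
// Added example, not BigSam's code. displayBegin is the parameter named in
// the advisory; $entries, PAGE_SIZE and safeDisplayBegin are assumptions.

const PAGE_SIZE = 10;

// Constructed sample data standing in for the guestbook entries file.
$entries = [];
for ($i = 1; $i <= 25; $i++) {
    $entries[] = "entry #$i";
}

// Weak handling (the pattern the advisory describes): the raw query value is
// used directly as a counter, so a huge number keeps the script looping or
// reading until the process exhausts its time or memory limit.
//   for ($i = $_GET['displayBegin']; $i >= 0; $i--) { ... }

// Hardened handling: accept only an integer that fits the native int type
// and is not negative, then clamp it to the last page start that actually
// exists. Anything else falls back to the first page.
function safeDisplayBegin($raw, int $total, int $pageSize): int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => PHP_INT_MAX],
    ]);
    if ($n === false) {
        // Non-numeric, negative, or a digit string too long to be an int
        // (the 9999...9999 case) all end up here.
        return 0;
    }
    $lastStart = max(0, $total - $pageSize);
    return min($n, $lastStart);
}

$begin = safeDisplayBegin($_GET['displayBegin'] ?? '0', count($entries), PAGE_SIZE);

// Only one page of entries is ever touched, whatever the input was.
$page = array_slice($entries, $begin, PAGE_SIZE);
foreach ($page as $line) {
    echo htmlspecialchars($line, ENT_QUOTES, 'UTF-8'), "\n";
}
```

A request carrying the oversized displayBegin from the testing notes is answered with the first page, with the cost bounded by PAGE_SIZE rather than by the attacker's number.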

References:

Vendor URL: http://bigsam.gezzed.net/
Related OSVDB ID: 5287
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2002-03/0223.html
Keyword: ARL02-A11
Keyword: guestbook
Keyword: Big Sam
ISS X-Force ID: 8478
CVE ID: CVE-2002-0462
Bugtraq ID: 4312