Xitami-2.4d4.dos.txt

Date: 29 Feb 2000 00:00:00
Reported by: nemesystm
Type: packetstorm
Source: packetstormsecurity.com

Xitami 2.4d4 is vulnerable to a denial of service via port 81, causing server crashes on Windows.

Code
`+++>===] Written by Nemesystm, member of the DHC [===<+++  
++++>==] Visit us at dhc1.cjb.net You want 2 [==<++++  
  
Subject: Xitami 2.4d4 win95/98 DoS  
Description program: Xitami is a HTTP Server with a FTP daemon, etc.  
Description DoS: Simply by connecting and disconnecting to a port Xitami   
opens, you can completely lock up the server.  
  
<-[what was used]->  
Xitami 2.4d4 for Windows 95/98 downloaded from tucows.com  
Installed with the typical installation, no standard settings changed.  
This problem worked on: Windows 98 + IE5.0 and Windows NT 4.0 SP5  
Xitami 2.4d6 (current version, same settings, not tested in WinNT no problem   
in W98)  
Xitami 2.5d2 Beta (version to come up, not tested in WinNT no problem W98)  
  
<-[how to create the problem]->  
telnet to victim.com 81  
or whatever you feel like to connect to port 81.  
then just hit enter or disconnect. Either way, on the server side the error   
"assertion failed!" shows up, and as long as it's there, no connection whatsoever   
can be made to the HTTP service nor the FTP Service nor port 81 (where LRWP   
listens on, for a description on what that is, see the documentation that   
comes with Xitami)  
The message says: "Module E:\IMATIX\DEVELOP\SMT\XILRWP.C, line 265"  
You then get three choices: Abort, Retry and Ignore. Retry and Ignore make   
it that you can continue without a problem, (even though the server was   
unreachable for as long as the error message was there), Abort however kills   
the server and gives a Microsoft Visual C++ Runtime error. (abnormal program   
termination).  
  
<-[so what]->  
This might not seem to be a big problem at first: just check the monitor   
every once in a while, but what if you're not working? What if it's weekend?   
What if it's at night? There's no telling how many people weren't able to   
see the site while you're gone.  
  
<-[logs]->  
The logs show nothing spectacular.  
console.log in /logs says:  
2000/01/14/11:23:45: xilrwp: Peer failed to connect (ERROR: Malformed startup   
string)  
xitami.log shows something similar.  
No IP addresses from the culprit. 8-)  
  
<-[fix]->  
Well, I waited with this till the new version was out. The new one doesn't   
have the problem, nor does the beta version. I suggest getting that, or   
making sure no connections to port 81 are allowed.  
It's available at www.imatix.com.  
  
Greetz,  
nemesystm, leader of the DHC (dhc1.cjb.net)  
  
>>>The End<<<  
[email protected] for questions.  
  
`
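
A defender-side check for the log signature quoted in the advisory, as an added example (not part of the original advisory or of Xitami): it scans console.log text for the xilrwp "Malformed startup string" entry and flags bursts. Only the signature text and timestamp layout come from the advisory; the sample log, the five-minute window and the threshold of three are assumptions.

```python
import re
from datetime import datetime, timedelta

# Signature text copied from the console.log line quoted in the advisory.
SIGNATURE = "xilrwp: Peer failed to connect (ERROR: Malformed startup string)"
# Timestamp layout as quoted in the advisory: YYYY/MM/DD/HH:MM:SS:
STAMP = re.compile(r"^(\d{4}/\d{2}/\d{2})[/ ](\d{2}:\d{2}:\d{2}): ?(.*)$")

# Constructed sample log; only the xilrwp message text is from the advisory.
SAMPLE = """\
2000/01/14/11:20:01: (constructed) unrelated entry
2000/01/14/11:23:45: xilrwp: Peer failed to connect (ERROR: Malformed startup
string)
2000/01/14/11:24:10: xilrwp: Peer failed to connect (ERROR: Malformed startup string)
2000/01/14/11:26:02: xilrwp: Peer failed to connect (ERROR: Malformed startup string)
2000/01/14/18:40:00: xilrwp: Peer failed to connect (ERROR: Malformed startup string)
"""

def parse_entries(text):
    """Return (datetime, message) pairs. A line without a timestamp is treated
    as the wrapped tail of the previous entry (assumption, based on how the
    advisory quotes the line)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = STAMP.match(line)
        if m:
            ts = datetime.strptime(m.group(1) + " " + m.group(2), "%Y/%m/%d %H:%M:%S")
            entries.append([ts, m.group(3)])
        elif line and entries:
            entries[-1][1] += " " + line
    return [(ts, " ".join(msg.split())) for ts, msg in entries]

def find_lrwp_failures(text):
    """Timestamps of every entry carrying the advisory's signature."""
    return [ts for ts, msg in parse_entries(text) if SIGNATURE in msg]

def bursts(times, window=timedelta(minutes=5), threshold=3):
    """Return (start, count) for each run of >= threshold events inside window."""
    times, alerts, i = sorted(times), [], 0
    while i < len(times):
        j = i
        while j < len(times) and times[j] - times[i] <= window:
            j += 1
        if j - i >= threshold:
            alerts.append((times[i], j - i))
        i = j if j - i >= threshold else i + 1
    return alerts

if __name__ == "__main__":
    for start, count in bursts(find_lrwp_failures(SAMPLE)):
        print(f"{count} malformed LRWP startups beginning {start}")
```

Because the advisory notes that these logs record no peer address, a hit here has to be correlated with firewall or packet logs for port 81 to identify the source.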

Vulners AI Score: 7.4 (High risk), as of 29 Feb 2000 00:00 (current)