`Missing trailing '/' Remote Denial of Service Attack Advisory
[February 5th 2000]
UPDATED February 8th
###############################################################
Please refer to http://bebugs.be.com/devbugs/detail.php3?oid=1229984
as it makes this advisory obsolete...
I discovered this very recently, but it seems it was in the Be inc.
bug database for a while. Thanks go to Kobie Lurie for giving
me additional information.
###############################################################
##### OLD ADVISORY HERE #####
Software: PoorMan webserver
Platform: BeOS R4.5 (i386)
Note: The following has not been tested on the PPC platform; please
let me know if you are able to reproduce it!
Author: Jonathan Provencher
[email protected]
http://balistik.net
Details:
It is possible to cause the PoorMan webserver to crash (remotely) by
sending a given URL to the server. In the case that interests us, a URL
like http://server.com/somedir would make the server crash
and output a Segment Violation in the 'web connection thread'. It seems
it is the way the server handles and parses URLs that makes it
vulnerable. Adding a trailing '/' would not make the server crash. I discovered
this very recently, but it seems it was in the Be inc. bug database for a while.
Thanks go to Kobie Lurie for giving me additional information. Sorry
for any redundant alert! ;)
Situation:
The vendor (Be inc.) has not been and will not be contacted about this
vulnerability. This DoS can be worked around by installing the 4.5.2
service pack provided freely by Be inc. PoorMan users should really
consider installing this service pack.
Relevant links:
R4.5.2 Service Pack
http://www-classic.be.com/support/updates/
Be inc.
http://www.be.com
######################`
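The advisory gives no root cause beyond URL parsing, and PoorMan's source is not shown, so the following is an added example, not PoorMan code: one way a request handler can treat a directory URL that lacks its trailing '/' as an explicit case (a 301 redirect) using bounded buffers. The function name, status values, buffer size and the "/usr" sample input are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define MAX_PATH_LEN 1024   /* hypothetical limit for this example */

/* HTTP status the handler should send (names are hypothetical). */
enum { ST_OK = 200, ST_MOVED = 301, ST_BAD = 400, ST_NOTFOUND = 404, ST_TOOLONG = 414 };

/* Decide how to answer a GET for url_path under docroot.
 * On ST_MOVED, `location` holds url_path with '/' appended. */
int classify_request(const char *docroot, const char *url_path,
                     char *location, size_t loc_len)
{
    char fs_path[MAX_PATH_LEN];
    struct stat st;
    size_t n;

    if (!docroot || !url_path || !location || loc_len == 0)
        return ST_BAD;
    location[0] = '\0';
    n = strlen(url_path);
    if (n == 0 || url_path[0] != '/')
        return ST_BAD;                  /* must be an absolute path */
    if (strstr(url_path, ".."))
        return ST_BAD;                  /* conservative: refuse any ".." */
    /* snprintf returns the length it needed; reject rather than truncate. */
    if ((size_t)snprintf(fs_path, sizeof fs_path, "%s%s", docroot, url_path)
            >= sizeof fs_path)
        return ST_TOOLONG;
    if (stat(fs_path, &st) != 0)
        return ST_NOTFOUND;
    if (S_ISDIR(st.st_mode) && url_path[n - 1] != '/') {
        /* Directory without trailing '/': redirect instead of falling
         * through to code that assumes the path ends in '/'. */
        if ((size_t)snprintf(location, loc_len, "%s/", url_path) >= loc_len) {
            location[0] = '\0';
            return ST_TOOLONG;
        }
        return ST_MOVED;
    }
    return ST_OK;                       /* file, or directory with '/' */
}

int main(void)
{
    char loc[MAX_PATH_LEN];
    int status = classify_request("/", "/usr", loc, sizeof loc); /* constructed input */
    printf("%d %s\n", status, loc);
    return 0;
}
```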