savant31.txt

`Release Date: 09/22/2003  
  
TITLE  
=====  
Savant Web Server - Remote DoS  
  
DESCRIPTION  
===========  
"Savant is a full-featured open source / freeware web  
server designed to be run under any 32-bit version of  
Microsoft Windows (including Windows 95, 98, ME, XP,  
NT, and 2000). Savant was designed to be easy to use,  
fast, and secure."  
  
More information at http://savant.sourceforge.net  
  
PROBLEMS  
========  
Affected Version : Savant Web Server 3.1(latest)  
and probably older builds.  
Tested Platform : Windows 2000 Professional.  
  
Savant Web Server is suffered from multiple remote DoS  
vulnerabilities which let an attacker to terminate the  
daemon by sending a malformed request to the server.  
  
DETAILS  
=======  
  
By sending GET request such as /%x /%f /%I /%n etc...  
to Savant Web Server, the service will crash with a  
dialog box popped up saying "invalid memory  
reference". Examining the Savant general log files,  
you will see the index.html keeps redirecting to  
itself, hence causing an infinite loop until the http  
service could not handle the requests and crashed.   
  
GET   
/%h/index.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.html"  
301 412  
  
That's all for now folks!!! *yawn*  
  
VENDOR STATUS  
=============  
I haven not gotten any reply from the vendor (and this  
software hasn't been updated for a while), so my best  
suggestion to Savant's users is either disable Savant  
on your computer and wait for a newer release or just  
simply switch to another stable and secure Web Server.  
  
Phuong Nguyen  
  
__________________________________  
Do you Yahoo!?  
Yahoo! SiteBuilder - Free, easy-to-use web site design software  
http://sitebuilder.yahoo.com  
`