From dendler@idefense.com Sat Nov 9 10:46:44 2002 From: David Endler To: full-disclosure@lists.netsys.com Date: Mon, 4 Nov 2002 00:46:47 -0500 Subject: [Full-Disclosure] iDEFENSE Security Advisory 11.04.02b: Denial of Service Vulnerability in Xeneo Web Server -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 11.04.02b: http://www.idefense.com/advisory/11.04.02b.txt Denial of Service Vulnerability in Xeneo Web Server November 4, 2002 I. BACKGROUND Northern Solutions' Xeneo Web Server is a "fast, compact web server that makes it easy to set up and administer a web site on the Windows platform." More information about the application is available at http://www.northernsolutions.com/index.php?view=product&id=1. II. DESCRIPTION Due to the improper handling of a specially crafted web request, remote attackers may launch a denial of service attack against the PHP version of Xeneo. The condition is triggered when the web server receives a request for '%'. Upon successful exploitation, the web server will crash with a Microsoft Visual C++ runtime error message. The following is an example attack URL: http://target.server/% III. ANALYSIS Any remote user with access to the application can launch this attack, thereby denying legitimate users access to the server and the contents and/or additional services provided. IV. DETECTION Xeneo 2.1.0.0 (PHP version) and 2.0.759.6 are vulnerable. V. WORKAROUND Use a filtering web proxy server to help mitigate against exploitation. VI. VENDOR FIX Xeneo 2.1.5 and later should fix the problem. The latest release is version 2.1.6.0, and it can be downloaded at http://www.northernsolutions.com/downloads/xeneo_php_setup.exe. VII. CVE INFORMATION The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project assigned the identification number CAN-2002-1248 to this issue. VIII. DISCLOSURE TIMELINE 10/06/2002 Issue disclosed to iDEFENSE 10/31/2002 Author notified 10/31/2002 iDEFENSE clients notified 10/31/2002 Response received from Robert Shanahan (rshan@northernsolutions.com) 11/04/2002 Public disclosure IX. CREDIT Tamer Sahin (ts@securityoffice.net) discovered this vulnerability. Get paid for security research http://www.idefense.com/contributor.html Subscribe to iDEFENSE Advisories: send email to listserv@idefense.com, subject line: "subscribe" About iDEFENSE: iDEFENSE is a global security intelligence company that proactively monitors sources throughout the world ^× from technical vulnerabilities and hacker profiling to the global spread of viruses and other malicious code. Our security intelligence services provide decision-makers, frontline security professionals and network administrators with timely access to actionable intelligence and decision support on cyber-related threats. For more information, visit http://www.idefense.com. - -dave David Endler, CISSP Director, Technical Intelligence iDEFENSE, Inc. 14151 Newbrook Drive Suite 100 Chantilly, VA 20151 voice: 703-344-2632 fax: 703-961-1071 dendler@idefense.com www.idefense.com -----BEGIN PGP SIGNATURE----- Version: PGP 7.1.2 Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4B0ACC2A iQA/AwUBPcYJR0rdNYRLCswqEQJUywCeM2rbzojGgJ0i56ucyre/UIkGHq0AoONk 5fG1yOAUGjyZjlvgE5QGaOua =Pnv/ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html