[ Advisory for Xitami 2.4d7, 2.5d4 ]
 [ Xitami is made by Imatix. ]
 [ Site: http://xitami.com ]
 [ by nemesystm of the DHC ]
 [ (http://dhcorp.cjb.net - neme-dhchushmail.com) ]
 [ ADV-0105 ]

/-|=[explanation]=|-\
Xitami is a webserver. It has a denial of service.

/-|=[who is vulnerable]=|-\
Anyone running Xitami 2.5d4, 2.4d7 and presumably
earlier on a Windows 98/Millennium operating system.

/-|=[testing it]=|-\
To test this vulnerability, try the following.
send a request like this one:
www.server.com/aux
some computers crash after this request.
Others seem to continue working, but when trying to
browse the website or logging into the FTP server it
fails. Sometimes a refresh of the main page even
works, but no other links work.
Trying to close the server by hitting the terminate
button fails as well, meaning you'll have to
Ctrl+Alt+Del it.

/-|=[notes]=|-\
Because some computers do not crash completely or give
any error messages this is dangerous as things seem
to be normal at first glance.

/-|=[fix]=|-\
Not known at the moment, vendor was contacted and said
they would look into it. Over a week has gone by and nothing.
Free, encrypted, secure Web-based email at www.hushmail.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]