OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: neme-dhcHUSHMAIL.COM
Date: Tue Apr 17 2001 - 09:41:03 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

     [ Advisory for Xitami 2.4d7, 2.5d4 ]
     [ Xitami is made by Imatix. ]
     [ Site: http://xitami.com ]
     [ by nemesystm of the DHC ]
     [ (http://dhcorp.cjb.net - neme-dhchushmail.com) ]
     [ ADV-0105 ]

    /-|=[explanation]=|-\
    Xitami is a webserver. It has a denial of service.

    /-|=[who is vulnerable]=|-\
    Anyone running Xitami 2.5d4, 2.4d7 and presumably
    earlier on a Windows 98/Millennium operating system.

    /-|=[testing it]=|-\
    To test this vulnerability, try the following.
    send a request like this one:
    www.server.com/aux
    some computers crash after this request.
    Others seem to continue working, but when trying to
    browse the website or logging into the FTP server it
    fails. Sometimes a refresh of the main page even
    works, but no other links work.
    Trying to close the server by hitting the terminate
    button fails as well, meaning you'll have to
    Ctrl+Alt+Del it.

    /-|=[notes]=|-\
    Because some computers do not crash completely or give
    any error messages this is dangerous as things seem
    to be normal at first glance.

    /-|=[fix]=|-\
    Not known at the moment, vendor was contacted and said
    they would look into it. Over a week has gone by and nothing.
    Free, encrypted, secure Web-based email at www.hushmail.com