Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
From: neme-dhcHUSHMAIL.COM
Date: Tue Apr 17 2001 - 09:41:03 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

     [ Advisory for Xitami 2.4d7, 2.5d4 ]
     [ Xitami is made by Imatix. ]
     [ Site: http://xitami.com ]
     [ by nemesystm of the DHC ]
     [ (http://dhcorp.cjb.net - neme-dhchushmail.com) ]
     [ ADV-0105 ]

    Xitami is a webserver. It has a denial of service.

    /-|=[who is vulnerable]=|-\
    Anyone running Xitami 2.5d4, 2.4d7 and presumably
    earlier on a Windows 98/Millennium operating system.

    /-|=[testing it]=|-\
    To test this vulnerability, try the following.
    send a request like this one:
    some computers crash after this request.
    Others seem to continue working, but when trying to
    browse the website or logging into the FTP server it
    fails. Sometimes a refresh of the main page even
    works, but no other links work.
    Trying to close the server by hitting the terminate
    button fails as well, meaning you'll have to
    Ctrl+Alt+Del it.

    Because some computers do not crash completely or give
    any error messages this is dangerous as things seem
    to be normal at first glance.

    Not known at the moment, vendor was contacted and said
    they would look into it. Over a week has gone by and nothing.
    Free, encrypted, secure Web-based email at www.hushmail.com