OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: David Endler (dendler_at_idefense.com)
Date: Sun Nov 03 2002 - 23:46:47 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    iDEFENSE Security Advisory 11.04.02b:
    http://www.idefense.com/advisory/11.04.02b.txt
    Denial of Service Vulnerability in Xeneo Web Server
    November 4, 2002

    I. BACKGROUND

    Northern Solutions' Xeneo Web Server is a "fast, compact web server
    that makes it easy to set up and administer a web site on the Windows
    platform." More information about the application is available at
    http://www.northernsolutions.com/index.php?view=product&id=1.

    II. DESCRIPTION

    Due to the improper handling of a specially crafted web request,
    remote attackers may launch a denial of service attack against the
    PHP version of Xeneo. The condition is triggered when the web server
    receives a request for '%'. Upon successful exploitation, the web
    server will crash with a Microsoft Visual C++ runtime error message.
    The following is an example attack URL:

    http://target.server/%

    III. ANALYSIS

    Any remote user with access to the application can launch this
    attack, thereby denying legitimate users access to the server and the
    contents and/or additional services provided.

    IV. DETECTION

    Xeneo 2.1.0.0 (PHP version) and 2.0.759.6 are vulnerable.

    V. WORKAROUND

    Use a filtering web proxy server to help mitigate against
    exploitation.

    VI. VENDOR FIX

    Xeneo 2.1.5 and later should fix the problem. The latest release is
    version 2.1.6.0, and it can be downloaded at
    http://www.northernsolutions.com/downloads/xeneo_php_setup.exe.

    VII. CVE INFORMATION

    The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project
    assigned the identification number CAN-2002-1248 to this issue.

    VIII. DISCLOSURE TIMELINE

    10/06/2002 Issue disclosed to iDEFENSE
    10/31/2002 Author notified
    10/31/2002 iDEFENSE clients notified
    10/31/2002 Response received from Robert Shanahan
                    (rshannorthernsolutions.com)
    11/04/2002 Public disclosure

    IX. CREDIT

    Tamer Sahin (tssecurityoffice.net) discovered this vulnerability.

    Get paid for security research
    http://www.idefense.com/contributor.html

    Subscribe to iDEFENSE Advisories:
    send email to listservidefense.com, subject line: "subscribe"

    About iDEFENSE:

    iDEFENSE is a global security intelligence company that proactively
    monitors sources throughout the world — from technical
    vulnerabilities and hacker profiling to the global spread of viruses
    and other malicious code. Our security intelligence services provide
    decision-makers, frontline security professionals and network
    administrators with timely access to actionable intelligence
    and decision support on cyber-related threats. For more information,
    visit http://www.idefense.com.

    - -dave

    David Endler, CISSP
    Director, Technical Intelligence
    iDEFENSE, Inc.
    14151 Newbrook Drive
    Suite 100
    Chantilly, VA 20151
    voice: 703-344-2632
    fax: 703-961-1071

    dendleridefense.com
    www.idefense.com

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.1.2
    Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4B0ACC2A

    iQA/AwUBPcYJR0rdNYRLCswqEQJUywCeM2rbzojGgJ0i56ucyre/UIkGHq0AoONk
    5fG1yOAUGjyZjlvgE5QGaOua
    =Pnv/
    -----END PGP SIGNATURE-----