From: David Endler (dendler@idefense.com)
Date: Mon Nov 04 2002 - 00:46:47 EST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
iDEFENSE Security Advisory 11.04.02b:
http://www.idefense.com/advisory/11.04.02b.txt
Denial of Service Vulnerability in Xeneo Web Server
November 4, 2002
I. BACKGROUND
Northern Solutions' Xeneo Web Server is a "fast, compact web server
that makes it easy to set up and administer a web site on the Windows
platform." More information about the application is available at
http://www.northernsolutions.com/index.php?view=product&id=1.
II. DESCRIPTION
Due to the improper handling of a specially crafted web request,
remote attackers may launch a denial of service attack against the
PHP version of Xeneo. The condition is triggered when the web server
receives a request for '%'. Upon successful exploitation, the web
server will crash with a Microsoft Visual C++ runtime error message.
The following is an example attack URL:
III. ANALYSIS
Any remote user with access to the application can launch this
attack, thereby denying legitimate users access to the server and the
contents and/or additional services provided.
IV. DETECTION
Xeneo 2.1.0.0 (PHP version) and 2.0.759.6 are vulnerable.
V. WORKAROUND
Use a filtering web proxy server to help mitigate against
exploitation.
VI. VENDOR FIX
Xeneo 2.1.5 and later should fix the problem. The latest release is
version 2.1.6.0, and it can be downloaded at
http://www.northernsolutions.com/downloads/xeneo_php_setup.exe.
VII. CVE INFORMATION
The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project
assigned the identification number CAN-2002-1248 to this issue.
VIII. DISCLOSURE TIMELINE
10/06/2002 Issue disclosed to iDEFENSE
10/31/2002 Author notified
10/31/2002 iDEFENSE clients notified
10/31/2002 Response received from Robert Shanahan
(rshan@northernsolutions.com)
11/04/2002 Public disclosure
IX. CREDIT
Tamer Sahin (ts@securityoffice.net) discovered this vulnerability.
Get paid for security research
http://www.idefense.com/contributor.html
Subscribe to iDEFENSE Advisories:
send email to listserv@idefense.com, subject line: "subscribe"
About iDEFENSE:
iDEFENSE is a global security intelligence company that proactively
monitors sources throughout the world — from technical
vulnerabilities and hacker profiling to the global spread of viruses
and other malicious code. Our security intelligence services provide
decision-makers, frontline security professionals and network
administrators with timely access to actionable intelligence
and decision support on cyber-related threats. For more information,
visit http://www.idefense.com.
- -dave
David Endler, CISSP
Director, Technical Intelligence
iDEFENSE, Inc.
14151 Newbrook Drive
Suite 100
Chantilly, VA 20151
voice: 703-344-2632
fax: 703-961-1071
dendler@idefense.com
www.idefense.com
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1.2
Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4B0ACC2A
iQA/AwUBPcYJR0rdNYRLCswqEQJUywCeM2rbzojGgJ0i56ucyre/UIkGHq0AoONk
5fG1yOAUGjyZjlvgE5QGaOua
=Pnv/
-----END PGP SIGNATURE-----
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:21:38 EDT