MacOS Personal Web Sharing Can Be Crashed By Remote Users
SecurityTracker Alert ID: 1001540
SecurityTracker URL: http://securitytracker.com/id/1001540
CVE Reference: GENERIC-MAP-NOMATCH
Date: May 15 2001
Impact: Denial of service via network
Exploit Included: Yes
Version(s): v1.5.5; possibly earlier
Description:
It is reported that the MacOS Personal Web Sharing extension contains a vulnerability that allows remote users to cause the service to shut down.
It is reported that the Apple MacOS Personal Web Sharing extension, which ships with MacOS 9, cannot properly process a request longer than 6000 characters. A request that contains 6000 or more characters appears to cause web file sharing to stop. Web sharing can easily be started up again in seconds, according to the report.
A demonstration exploit URL is:
http://[targetfileserver]/?aaaaaaaaa... [approx. 6000 characters]
Impact:
A remote user can cause the web file sharing service to shut down.
Solution:
No solution was available at the time of this entry.
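With no fix available, over-long requests can at least be spotted in logs. The following is an added example, not part of the original advisory or any vendor code: it flags logged requests at or above the 6000-character length named above and reports the longest repeated-character run in the target. It assumes Common Log Format lines from a proxy or sensor in front of the Mac; the names find_oversized, longest_run and SAMPLE are hypothetical, and the sample lines are constructed.

```python
import re
from collections import defaultdict

REPORTED_LIMIT = 6000  # request length named in the advisory

# Assumed log format (Common Log Format from a proxy or sensor in front of the Mac):
# host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (?:\d{3}|-) \S+$')


def longest_run(s):
    """Length of the longest run of one repeated character in s."""
    best = run = 0
    prev = None
    for ch in s:
        run = run + 1 if ch == prev else 1
        prev = ch
        best = max(best, run)
    return best


def find_oversized(lines, limit=REPORTED_LIMIT):
    """Return ({client: [finding, ...]}, unparsed_count) for requests >= limit chars."""
    hits = defaultdict(list)
    unparsed = 0
    for line in lines:
        m = CLF.match(line.rstrip("\n"))
        if not m:
            unparsed += 1  # counted so truncated or foreign lines are not silently lost
            continue
        client, when, request = m.groups()
        if len(request) < limit:
            continue
        # Loggers may cut the line short, so the " HTTP/1.x" suffix is not required.
        parts = request.split(" ")
        target = parts[1] if len(parts) > 1 else request
        hits[client].append({"time": when, "request_len": len(request),
                             "padding_run": longest_run(target)})
    return dict(hits), unparsed


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [15/May/2001:10:00:01 +0200] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.77 - - [15/May/2001:10:00:05 +0200] "GET /?' + "a" * 6000 + ' HTTP/1.0" - -',
    '192.0.2.10 - - [15/May/2001:10:00:09 +0200] "GET /docs/?q=' + "x" * 500 + ' HTTP/1.0" 200 90',
    "not a log line",
]

if __name__ == "__main__":
    print(find_oversized(SAMPLE))
```

The length is measured on the whole logged request line; pass a lower limit to find_oversized to alert before the reported threshold is reached.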
Vendor URL: www.apple.com/
Cause: Boundary error
Underlying OS: MacOS
Message History: None.

Source Message Contents
Date: Thu, 10 May 2001 07:32:43 +0200 (EET)
Subject: Personal Web Sharing remote stop
Personal Web Sharing Remote Stop.
Versions affected: Personal Web sharing v1.5.5, probably earlier.
Problem:
Personal Web Sharing extension, which ships with MacOS 9, can't handle
a request longer than 6000 characters. A request, which contains 6000 or
more characters seems to stop the file sharing, probably to avoid a
system freeze. Web sharing can easily be started up again in seconds.
Exploit:
http://fileserver/?aaaaaaaaa... [approx. 6000 characters]
Solution: Nothing. Vendor not contacted, I'm sure he's aware of that.
Jass Seljamaa,
jass@isp.ee