Savant Web Server Can Be Crashed By Remote Users Requesting '/%x' and Similar Strings
|
|
SecurityTracker Alert ID: 1007798 |
|
SecurityTracker URL: http://securitytracker.com/id/1007798
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Sep 24 2003
|
Impact:
Denial of service via network
|
Exploit Included: Yes
|
Version(s): 3.1
|
Description:
Phuong Nguyen reported a denial of service vulnerability in the Savant Web Server. A remote user can cause the web service to crash.
It is reported that a remote user can send an HTTP GET request containing various characters to cause the web service to crash with an "invalid memory reference" error. Any of the following characters can reportedly be used:
/%x
/%f
/%I
/%n
Other similar strings may also trigger the flaw.
The report indicates that such a request will cause the web server to continually redirect 'index.html' to itself, creating an infinite loop and then crashing.
The vendor was reportedly notified without response.
|
Impact:
A remote user can cause the web service to crash.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: savant.sourceforge.net/ (Links to External Site)
|
Cause:
Exception handling error, State error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 24 Sep 2003 06:24:56 -0700 (PDT)
Subject: Savant Web Server - Remote DoS
|
Release Date: 09/22/2003
TITLE
=====
Savant Web Server - Remote DoS
DESCRIPTION
===========
"Savant is a full-featured open source / freeware web
server designed to be run under any 32-bit version of
Microsoft Windows (including Windows 95, 98, ME, XP,
NT, and 2000). Savant was designed to be easy to use,
fast, and secure."
More information at http://savant.sourceforge.net
PROBLEMS
========
Affected Version : Savant Web Server 3.1 (lastest)
and probably older builds.
Tested Platform : Windows 2000 Professional.
Savant Web Server is suffered from multiple remote DoS
vulnerabilities which let an attacker to terminate the
daemon by sending a malformed request to the server.
DETAILS
=======
By sending GET request such as /%x /%f /%I /%n etc...
to Savant Web Server, the service will crash with a
dialog box popped up saying "invalid memory
reference". Examining the Savant general log files,
you will see the index.html keeps redirecting to
itself, hence causing an infinite loop until the http
service could not handle the requests and crashed.
GET
/%h/index.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlindex.htmlind
ex.htmlindex.html"
301 412
That's all for now folks!!! *yawn*
VENDOR STATUS
=============
I haven not gotten any reply from the vendor (and this
software hasn't been updated for a while), so my best
suggestion to Savant's users is either disable Savant
on your computer and wait for a newer release or just
simply switch to another stable and secure Web Server.
Phuong Nguyen
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
|
|
