TUCoPS :: Web :: Servers :: smallhtt.htm

Small HTTP Server ver. 1.212 (maybe others) Buffer Overflow
Vulnerability

    Small HTTP Server

Affected

    Small HTTP Server ver. 1.212 (maybe others)

Description

    The  Ussr  Labs  team  has  recently  discovered a buffer overflow
    memory  problem  in  the  Small  HTTP  Server.  What happens is by
    preforming an attack with a  malformed url information to port  80
    it  will  cause  the  proccess  containg  the  services  to   stop
    responding.

    The  http  Server  (Port  80)  service  has  a overflow in the GET
    command:

        [hellme@die-communitech.net$ telnet example.com 80
        Trying example.com...
        Connected to example.com.
        Escape character is '^]'.
        GET /[buffer]

    Where [buffer] is aprox. 65000 characters and the process containg
    the service crash.

Solution

    Nothing yet.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH