Omnicron OmniHttpd remote buffer overflow via long HTTP request
2nd Jul 2002 [SBWID-5502]
COMMAND

	Omnicron OmniHttpd remote buffer overflow via long HTTP request

SYSTEMS AFFECTED

	OmniHTTPd v2.09

PROBLEM

	Martin J. Muench BED [http://www.codito.de] found while developing the
	"Bruteforce Exploit Detector"
	[http://www.kryptocrew.de/snakebyte/bed.html]:
	

	When sending a malformed request with an HTTP version containing 4096 or
	more characters, the HTTPd crashes.
	

	Example:
	

	perl -e 'print "HEAD / "."a"x4096 ."\n\n"' | nc 127.0.0.1 80

	

	This attack also works with every other request type, such as 'GET',
	'POST', ...

SOLUTION

	Nothing yet
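
	The class of check whose absence lets an over-long HTTP version field
	overrun a buffer, shown as an added example: this is not OmniHTTPd code
	and not from the advisory's author. The field limits, struct and
	function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed limits for this example; not taken from OmniHTTPd. */
#define MAX_METHOD   16
#define MAX_TARGET   2048
#define MAX_VERSION  16          /* "HTTP/1.1" is 8 bytes */

enum { REQ_OK = 0, REQ_MALFORMED = -1, REQ_TOO_LONG = -2 };

struct request {
    char method[MAX_METHOD + 1];
    char target[MAX_TARGET + 1];
    char version[MAX_VERSION + 1];
};

/* Copy one space-delimited token of at most `max` bytes into dst
 * (capacity max + 1) and advance *p past it. */
static int take_token(const char **p, const char *end, char *dst, size_t max)
{
    const char *s = *p;
    size_t n = 0;
    while (s + n < end && s[n] != ' ' && s[n] != '\r' && s[n] != '\n')
        n++;
    if (n == 0) return REQ_MALFORMED;
    if (n > max) return REQ_TOO_LONG;   /* length checked before any copy */
    memcpy(dst, s, n);
    dst[n] = '\0';
    *p = s + n;
    return REQ_OK;
}

/* Parse "METHOD SP TARGET [SP VERSION]" from an untrusted buffer of len bytes. */
int parse_request_line(const char *buf, size_t len, struct request *r)
{
    const char *p = buf, *end = buf + len;
    int rc;
    memset(r, 0, sizeof *r);
    if ((rc = take_token(&p, end, r->method, MAX_METHOD)) != REQ_OK) return rc;
    if (p == end || *p++ != ' ') return REQ_MALFORMED;
    if ((rc = take_token(&p, end, r->target, MAX_TARGET)) != REQ_OK) return rc;
    if (p < end && *p == ' ') {          /* version field is optional */
        p++;
        if ((rc = take_token(&p, end, r->version, MAX_VERSION)) != REQ_OK) return rc;
        if (strncmp(r->version, "HTTP/", 5) != 0) return REQ_MALFORMED;
    }
    return REQ_OK;
}
```

	A server using such a parser answers REQ_TOO_LONG with an error
	response and closes the connection instead of copying the field.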
