Vulnerability

    thttpd

Affected

    Brickserver thttpd

Description

    'lockdown'  &  'banned-it'   found  following.   Brickhouse   runs
    thttpd/2.16 with  brickhouse modifications  for its  webserver and
    it is closed source.  It appears thttpd is resorting to vsprintf()
    numerous times because it  is lacking snprintf() and  vsnprintf().
    The thttpd source clearly states  that the code may not  be secure
    when running in  an environment that  does not contain  the proper
    header files.

    This has also only been  tested against this single server.   Does
    it affect  all brickhouse  servers, it  unknown because  Sage Inc.
    never replied to our email notifying them of the problem.

    Attack:

        http://www.victim.com/aaaaaaaaaaaaaaaaaaaaaaaaaaa

    about 800 a's should  do.  You can  also telnet and use  the 'GET'
    command.

    thttpd - the trivial http daemon we are talking about here is  NOT
    the  original  thttpd  that  comes  with  deception toolkit.  This
    server was  proven secure  years ago,  and while  it may reside on
    computers that are  vulnerable to denial  of service attacks,  the
    original thttpd has NO SUCH VULNERABILITY!

Solution

    This is  the risk  of modifying  a reall  secure server - assuming
    they  didn't  just  take  the  name  as  their  own.  For the real
    thttpd,  goto  all.net  and  load  it  with  the rest of Deception
    Toolkit.