
Securax-SA-03 Ezboard ver. 5.3.9 can be made unreachable

=============================================================================
Securax-SA-03                                               Security Advisory
belgian.networking.security                                             Dutch
=============================================================================
Topic:          Ezboard ver. 5.3.9 can be made unreachable.
Announced:      2000-05-24
Affects:        Ezboard Ver. 5.3.9.
                Other versions not tested.
=============================================================================

            

Note: This entire advisory is based upon trial and error results. We cannot
      ensure the information below is 100% correct, because we have no
      source code to audit. This document is subject to change without
      prior notice.

      If you happen to find more information or problems concerning the
      problem below, or further variants, please contact ezboard themselves
      and/or frazzle_freckle@hehe.com.

I.  Problem Description
-----------------------

When someone visits http://pub4.ezboard.com/u*.showPublicProfile, for example,
every ezboard on server6.ezboard.com will become unreachable for everyone.
The problem occurs when trying to show a user's public profile. When the user
name is replaced with '*', it causes the server to strain. If you want to make
the ezboards on pub7.ezboard.com unreachable you can visit the following site
as well: http://pub7.ezboard.com/u*.showPublicProfile. Not much research has
been directed at locating the full list of pub* servers. Various standard
wildcard characters also cause the servers to have the same reaction, e.g. $,
&, @, etc.

II. Impact
----------

Ezboard servers, client message boards, etc. can be made to lag and become
unreachable while the service strains to produce large wildcard responses.
Code could be written that would take the server down fully.
For example: perl -e 'for(;;){`(sleep 30;killall -9 lynx)|lynx http://address/`}'
This is not tested.

III.  Solution
--------------

The service has been notified and the problem will hopefully be fixed in the
near future to prevent any further misfortune for current clients/users of
the service. I would strongly suggest changing the character type of the
standard wildcards which do special unneeded tasks.
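
One way to apply the suggestion above, shown as an added example that is not
part of the original advisory and is not ezboard code. It assumes the profile
handler treats the name in the URL as a pattern; the route regex, the name
allowlist and the user table are all hypothetical.

```python
import fnmatch
import re

# Constructed sample data; the advisory does not describe ezboard's user store.
USERS = {f"user{i}": {"name": f"user{i}"} for i in range(1000)}

# Assumed route shape, taken from the URLs in the advisory:
#   /u<name>.showPublicProfile
ROUTE = re.compile(r"^/u(?P<name>.+)\.showPublicProfile$")

# Assumed policy: names are 1-32 characters of letters, digits, '_' or '-'.
VALID_NAME = re.compile(r"[A-Za-z0-9_-]{1,32}")


def lookup_pattern(path):
    """Risky form: the name is used as a pattern, so '*' walks every record."""
    m = ROUTE.match(path)
    if not m:
        return []
    pattern = m.group("name")
    return [u for key, u in USERS.items() if fnmatch.fnmatchcase(key, pattern)]


def lookup_exact(path):
    """Hardened form: allowlist the name, then do a single exact-key lookup."""
    m = ROUTE.match(path)
    if not m:
        return 404, None
    name = m.group("name")
    if not VALID_NAME.fullmatch(name):
        # '*', '$', '&', '@' and similar characters are rejected here,
        # before any lookup work is done.
        return 400, None
    user = USERS.get(name)  # constant-time lookup, no pattern expansion
    return (200, user) if user else (404, None)


if __name__ == "__main__":
    probe = "/u*.showPublicProfile"
    print("pattern lookup returned", len(lookup_pattern(probe)), "records")
    print("exact lookup returned", lookup_exact(probe))
```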

IV.   Credits
-------------

 greetz: R00T-dude, securax, Zoa_Chien, Visjnu, Zym0t1c, HTWX, H4H, loophole and hhp.

-Frazzle_Freckle(frazzle_freckle@hehe.com).
=============================================================================
For more information                                 frazzle_freckle@hehe.com
Website                                                http://www.securax.org
Advisories/Text                                   http://www.securax.org/pers
-----------------------------------------------------------------------------
