SecurityOffice

Michael Lamont Savant Web Server Long Request DoS Vulnerability

Type

DoS, crashes Daemon

Release Date

January 5, 2002

Product / Vendor

Savant is a freeware open source web server that runs on Windows 95, 98, ME, NT, and 2000, turning any desktop computer into a powerful web server. Designed to be fast, secure, and efficient, Savant is the choice of thousands of professional and amateur webmasters worldwide.

http://savant.sourceforge.net

Summary

Attacks can be launched on a Savant host if a request is submitted containing an unusual number of arbitrary characters. Savant web server will stop responding, a restart of the application may be required in order to regain normal functionality.

http://host/cgi-bin/cgi-test.pl.....(238 char)......

The instruction at "0x002e2e3d" referenced memory at "0xac40303c". The memory could not be "written".

Log

Error File: <error.txt>
-
-
-
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: TCP buffer overflow
Error: Failure to create CGI Process
Error: Failure to create CGI Process
Error: Failure to create CGI Process
Error: Failure to create CGI Process
Error: Failure to create CGI Process
Error: Failure to create CGI Process
Error: Failure to create CGI Process
Error: Failure to create CGI Process
Error: Failure to create CGI Process

Tested

Windows 2000 / Savant 3.0

Vulnerable

Savant 3.0 (And may be other)

Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.

Author

Tamer Sahin
ts(at)securityoffice.net
http://www.securityoffice.net