File: LynX-adv_myServer.txt
Date: 06/12/2003
Adv: 2

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 o NAME: problems with signals in 'myServer'

 o CLASS: remote DoS

 o PROGRAMM: myServer [http://myserverweb.sourceforge.net/]
  - Affected versions: =< 0.4.1
  - Immune versions: -

 o OS: Linux, Windows

 o VENDOR: Giuseppe Scrivano (Project Manager)

 o DESCRIPTION:
   myServer is an application and web server for Microsoft Windows and Linux
  operating systems.

 o VULNERABILITY DESCRIPTION:
   There are some problems with signals. You can call 'Segmentation fault' and
  terminate work of the 'myServer', by sending some signals to the server (SIGINT
  etc.).

  Example:

   # telnet 127.0.0.1 80
   Trying 127.0.0.1...
   Connected to 127.0.0.1.
   Escape character is '^]'.
   [Ctrl]+C
   Connection closed by foreign host.
   # gdb -c core
   GNU gdb 5.0mdk-11mdk Linux-Mandrake 8.0
   Copyright 2001 Free Software Foundation, Inc.
   GDB is free software, covered by the GNU General Public License, and you are
   welcome to change it and/or distribute copies of it under certain conditions.
   Type "show copying" to see the conditions.
   There is absolutely no warranty for GDB.  Type "show warranty" for details.
   This GDB was configured as "i386-mandrake-linux".
   Core was generated by `./myserver'.
   Program terminated with signal 11, Segmentation fault.
   #0  0x40187f92 in ?? ()
   (gdb) bt
   #0  0x40187f92 in ?? ()
   #1  0x08053bc0 in ?? ()
   #2  0x0804e744 in ?? ()
   #3  0x40093817 in ?? ()

   'myServer' package include only executable files, so i cant show the vulnerable
  code :(.

  P.S. Sorry, for my poor english :).

 o VULNERABILITY PREVENTION:
  In the next versions of 'myServer', this vulnerability will be fixed.

 o PROOF OF CONCEPT EXPLOIT: none

 o VENDOR RESPONSE:
   I has post message about this vulnerability on 'myServer' home page, and
  received an answer:

   - The same problem was reported on the WIN32 platform. The error was found in
     the HTTP protocol parser that work correctly only when find a valid http
     header. This bug, that can be cause of DoS attacks will be absent in the
     imminent next release of MyServer, actually wasn't tested on linux but it will
     be. Thanks for your note.

 o CREDITS:
  - Thanks: nob0dy, Xarth, /dev/0id
  - Greets: R00T T34M [http://rootteam.void.ru],
            void,
            LimpidByte,
            np0ison

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                                                Discovered by LynX
                                                                     <_LynX@bk.ru>
                                               / close your eyes & dream with me /
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -