WebBBS Pro Can Be Crashed By Remote Users
SecurityTracker Alert ID: 1006968
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jun 12 2003
Impact: Denial of service via network
Exploit Included: Yes
Version(s): 1.18
Description: Ziv Kamir reported a denial of service vulnerability in the WebBBS Pro web server from Mike Bryeans. A user can crash the web server.
Using the following URL, a user can cause the server to crash:
http://localhost/*
[Editor's note: It is not clear if the crash can be triggered remotely or if it is only successful via the localhost interface. We have asked for clarification and will update this Alert accordingly.]
The vendor was reportedly notified (on June 10, 2003).
Impact: A user can cause the web service to crash.
Solution: No solution was available at the time of this entry.
Vendor URL: webbbs.dynip.com/
Cause: Exception handling error
Underlying OS: Windows (Any)
Reported By: Ziv Kamir <vulncode@yahoo.com>
Message History: None.
Source Message Contents
Date: Wed, 11 Jun 2003 04:30:20 -0700 (PDT)
From: Ziv Kamir <vulncode@yahoo.com>
Subject: Vulnerability Under WebBBS Pro Ver 1.18
Hi,
10/06/03
Ziv Kamir
---------
-------------------------------------------------------
Application: WebBBS Pro
Web Site: http://www.webbbs.org/
Versions: 1.18
Platform: Windows
Bug: Denial of service vulnerability.
Credits:
########
#################################
# #
# Ziv Kamir #
# #
# Email : vulncode@yahoo.com #
# #
# #
#################################
---------------------
1) Introduction
2) Bug
3) The Code
4) Fix
===============
1) Introduction
===============
WebBBS Pro is the World's Most Advanced Web package providing an easy to use and secure Web Server.
WebBBS Pro gives webmasters and system administrators the power to provide truly interactive Web content with Email, threaded messaging boards, document retrieval, user authentication, real-time chat, PHP script support, file boards, and more.
=======
2) Bug
=======
Using the following URL, http://localhost/*, will cause the server to crash.
===========
3) The Code
===========
http://localhost/*
======
4) Fix
======
Date of Vendor Notification:
10/06/03
Status:
==============================================================================================
*** The Data is for educational purpose only. ***
The information in this bulletin is provided "AS IS" without warranty of any
kind. In no event shall we be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or special damages.
==============================================================================================
SUPPORT@WEBBBS.ORG