BadBlue's Windows-Based Web Server Can Be Crashed Via the Network and May Display Full Path Names
SecurityTracker Alert ID: 1000945|
SecurityTracker URL: http://securitytracker.com/id/1000945
(Links to External Site)
Updated: Feb 17 2001|
Original Entry Date: Feb 17 2001
Denial of service via network, Disclosure of user information|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes |
Version(s): BadBlue 1.02.07 Personal Edition and possibly others with the same version number|
The BadBlue web server for Windows reportedly contains two vulnerabilities. By remotely providing the web server's "ext.dll" file with improper data, you can 1) obtain the full path of the web server, and 2) crash the web server.|
The BadBlue web server reportedly serves files through a library called ext.dll. A typical request might be:
If data following the "ext.dll" in a request is ommitted, the server will return an error which discloses the path of the server on the host. In addition, by supplying data of 284 bytes or greater following the "ext.dll", the BadBlue web server can be made to crash.
An attacker can remotely determine the full path of the web server and can cause the web server to crash.|
The vendor has fixed the problem in a new release: BadBlue version 1.02.8.|
Vendor URL: www.badblue.com (Links to External Site)
Exception handling error, Input validation error|
|Underlying OS: Windows (Any)|
Source Message Contents
Subject: FW: BadBlue Web Server Ext.dll Vulnerabilities|
From: SNS Research [mailto:email@example.com]
Sent: Saturday, February 17, 2001 2:19 AM
Subject: BadBlue Web Server Ext.dll Vulnerabilities
Strumpf Noir Society Advisories
! Public release !
-= BadBlue Web Server Ext.dll Vulnerabilities =-
Release date: Saturday, February 17, 2001
BadBlue is a (MS Windows-based) web server intended for a wide range of
applications, from providing file sharing possibilities to an
application development and deployment environment. It includes
full-featured support of tools like CGI, ISAPI and PHP.
BadBlue can be found on at vendor Working Resources Inc.'s website:
The BadBlue web server serves files through a library called ext.dll.
A typical request to the server would be build up through a request to
this file together with a string containing the actual command data like
Some ways have been found to manipulate the server by playing with this
string. By omitting the data following ext.dll in above mentioned
request, the server will return an error which discloses information
regarding the path where it is running on the machine. What's more, by
substituting this data for a string of 284 bytes or more, the BadBlue
web server will die.
Directory disclosure example:
will result in:
[Error: opening c:\program files\badblue\pe\default.htx (2)]
http://server/ext.dll?aaaaa(x 248 bytes)
will cause the server to die.
Working Resources Inc. has made BadBlue version 1.02.8 availble from its
website, which adresses these problems.
This was tested against BadBlue 1.02.07 Personal Edition. After
contacting the vendor it is our understanding that the other members of
the BadBlue product suite are based on the same code base and are
vulnerable as well. Users are encouraged to upgrade.
Free sk8! (http://www.freesk8.org)
SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)
compliant, all information is provided on AS IS basis.
EOF, but Strumpf Noir Society will return!
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: firstname.lastname@example.org