[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] shttpd long get request vuln ( retro )
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] shttpd long get request vuln ( retro )
- From: "Morning Wood" <se_cur_ity@xxxxxxxxxxx>
- Date: Wed, 18 Oct 2006 00:27:54 -0700
see attatched retro advisory
------------------------------------------------------------
- EXPL-A-2006-005 exploitlabs.com Retro Advisory 002 -
------------------------------------------------------------
- SHTTPD -
AFFECTED PRODUCTS
=================
SHTTPD < v1.34
http://shttpd.sourceforge.net/
OVERVIEW
========
"SHTTPD is a lightweight web server. The main design
goals are the ease of use and the ability to embed.
Ideal for personal use, web-based software demos
(like PHP, Perl etc), quick file sharing.
A care has been taken to make the code secure"
RETRO-RELEASE DATE:
===================
Oct 10, 2005
Duplicate Release: Oct 06, 2006
by: sk0de
http://secunia.com/advisories/22294/
DETAILS
=======
SHTTPD is vulnerable to an overly long GET request.
SOLUTION
========
patch: Upgrade to v1.35
PROOF OF CONCEPT
================
1.start SHTTPD
2.send an overly long GET request
http://[host]/Ax274 chars ( v1.27 - v1.30 )
http://[host]/Ax256 chars ( v1.34 )
v1.31-v1.33 untested
2a.
PoC by Sk0de
http://www.milw0rm.com/exploits/2482
CREDITS
=======
"sk0de - http://secunia.com/advisories/22294/ "
RETRO-CREDITS
=============
This vulnerability was discovered and researched by
Donnie Werner of Exploitlabs. At the original time
of discovery and retro-release date, the author was
not aware of any other advisories or research by 3rd parties.
Donnie Werner
wood@xxxxxxxxxxxxxxx
morning_wood@xxxxxxxxxx
--
web: http://exploitlabs.com
http://exploitlabs.com/files/advisories/EXPL-A-2006-005-shttpd.txt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/