SP Research Labs Advisory x06
---------------------------------
www.security-protocols.com

MyServer 0.4.3 Denial of Service
---------------------------------

Download it here:
http://myserverweb.sourceforge.net

Date Released - 09/08/2003

------------------------------------
Product Description from the vendor:
MyServer is a free and easy to configure web server.  MyServer is licensed
under the GNU General Public License (GPL). See the license page for
additional info.  MyServer is in continuous development and new features
will be present in future releases. Go here to see the latest news from
the MyServer project.  It is available for windows and linux platforms. 
MyServer's principal goal is to create a free and simple powerful server
to allow everyone to transform his home PC in a server and be you own
webmaster with few clicks and share information easily with all the world!
 It is a multithread application that support multiprocessor machines, in
this way can be appreciated for professional uses too.

---------------------------
Vulnerability Description:

A denial of service (could possibly be exploitable) vulnerability exists
within MyServer 0.4.3.

2.2.10.0. Please see the exploit code for the malicious payload as it is
to large to post within the email. Once the malicious payload has been
sent, the web server will crash giving a runtime error.  If you have found
out that this is indeed exploitable, please send me an email if you don't
mind.

Advisory Link:

http://www.security-protocols.com/article.php?sid=1596&mode=thread&order=0

Tested on:

Windows XP Pro SP1
Windows 2000 SP3

----------------------------
Download the exploit here:

http://fux0r.phathookups.com/coding/c++/sp-myserver.c

peace out,

----------------------------
badpack3t
founder
www.security-protocols.com
----------------------------