SP Research Labs Advisory x06 --------------------------------- www.security-protocols.com MyServer 0.4.3 Denial of Service --------------------------------- Download it here: http://myserverweb.sourceforge.net Date Released - 09/08/2003 ------------------------------------ Product Description from the vendor: MyServer is a free and easy to configure web server. MyServer is licensed under the GNU General Public License (GPL). See the license page for additional info. MyServer is in continuous development and new features will be present in future releases. Go here to see the latest news from the MyServer project. It is available for windows and linux platforms. MyServer's principal goal is to create a free and simple powerful server to allow everyone to transform his home PC in a server and be you own webmaster with few clicks and share information easily with all the world! It is a multithread application that support multiprocessor machines, in this way can be appreciated for professional uses too. --------------------------- Vulnerability Description: A denial of service (could possibly be exploitable) vulnerability exists within MyServer 0.4.3. 2.2.10.0. Please see the exploit code for the malicious payload as it is to large to post within the email. Once the malicious payload has been sent, the web server will crash giving a runtime error. If you have found out that this is indeed exploitable, please send me an email if you don't mind. Advisory Link: http://www.security-protocols.com/article.php?sid=1596&mode=thread&order=0 Tested on: Windows XP Pro SP1 Windows 2000 SP3 ---------------------------- Download the exploit here: http://fux0r.phathookups.com/coding/c++/sp-myserver.c peace out, ---------------------------- badpack3t founder www.security-protocols.com ----------------------------