
Xitami-2.4d4.dos.txt

Posted Feb 29, 2000
Authored by nemesystm | Site dhc1.cjb.net

The Xitami Windows 95/98 webserver is vulnerable to a remote DoS attack.

tags | exploit, remote, denial of service
systems | windows
SHA-256 | 64fd8af32411e699883ac1a9b8fdeeccfc5dc800bea17a82b88105de457d8d4d

+++>===] Written by Nemesystm, member of the DHC [===<+++
++++>==] Visit us at dhc1.cjb.net You want 2 [==<++++

Subject: Xitami 2.4d4 win95/98 DoS
Description program: Xitami is an HTTP server with an FTP daemon, etc.
Description DoS: Simply by connecting to a port Xitami opens and then
disconnecting, you can completely lock up the server.

<-[what was used]->
Xitami 2.4d4 for Windows 95/98 downloaded from tucows.com
Installed with the typical installation, no standard settings changed.
This problem worked on: Windows 98 + IE5.0 and Windows NT 4.0 SP5
Xitami 2.4d6 (current version, same settings): no problem on W98, not tested
on WinNT
Xitami 2.5d2 Beta (upcoming version): no problem on W98, not tested on WinNT

<-[how to create the problem]->
telnet to victim.com 81
or use whatever you like to connect to port 81.
Then just hit enter or disconnect. Either way, the error "assertion failed!"
shows up on the server side, and as long as it's there, no connection
whatsoever can be made to the HTTP service, the FTP service or port 81 (where
LRWP listens; for a description of what that is, see the documentation that
comes with Xitami).
The message says: "Module E:\IMATIX\DEVELOP\SMT\XILRWP.C, line 265"
You then get three choices: Abort, Retry and Ignore. Retry and Ignore let the
server continue without a problem (even though it was unreachable for as long
as the error message was there). Abort, however, kills the server and gives a
Microsoft Visual C++ Runtime error (abnormal program termination).

<-[so what]->
This might not seem to be a big problem at first: just check the monitor
every once in a while. But what if you're not working? What if it's the
weekend? What if it's at night? There's no telling how many people won't be
able to see the site while you're gone.

<-[logs]->
The logs show nothing spectacular.
console.log in /logs says:
2000/01/14/11:23:45: xilrwp: Peer failed to connect (ERROR: Malformed startup
string)
xitami.log shows something similar.
No IP addresses from the culprit. 8-)

<-[fix]->
Well, I waited with this till the new version was out. The new one doesn't
have the problem, nor does the beta version. I suggest getting that, or
making sure no connections to port 81 are allowed.
It's available at www.imatix.com.

Greetz,
nemesystm, leader of the DHC (dhc1.cjb.net)

>>>The End<<<
auto45040@hushmail.com for questions.
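
Since the logs record the event but no source address, and the server stays unreachable until someone answers the dialog, the console.log entry quoted above is the one signal an unattended host gives. The following added example (not part of the original advisory or of Xitami) scans log text for that entry; the timestamp/module layout is assumed from the single quoted line, and the sample log is constructed.

```python
import re
from datetime import datetime

# Assumed entry layout, taken from the single console.log line quoted in the
# advisory: "YYYY/MM/DD/HH:MM:SS: <module>: <message>".
ENTRY = re.compile(r"^(\d{4}/\d{2}/\d{2}/\d{2}:\d{2}:\d{2}): (\w+): (.*)$")
SIGNATURE = "Malformed startup string"


def parse_entries(text):
    """Return (timestamp, module, message) tuples, rejoining wrapped lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            stamp = datetime.strptime(m.group(1), "%Y/%m/%d/%H:%M:%S")
            entries.append([stamp, m.group(2), m.group(3).strip()])
        elif entries and line.strip():
            # No timestamp: treat as the continuation of the previous entry.
            entries[-1][2] += " " + line.strip()
    return [tuple(e) for e in entries]


def lrwp_startup_failures(text):
    """Timestamps of xilrwp entries reporting a malformed startup string."""
    return [stamp for stamp, module, message in parse_entries(text)
            if module == "xilrwp" and SIGNATURE in message]


# Constructed sample: the first entry is the line quoted in the advisory
# (wrapped as shown there); the other two are made up for illustration.
SAMPLE_LOG = """\
2000/01/14/11:23:45: xilrwp: Peer failed to connect (ERROR: Malformed startup
string)
2000/01/14/11:30:02: example: unrelated entry
2000/01/15/03:12:09: xilrwp: Peer failed to connect (ERROR: Malformed startup string)
"""

if __name__ == "__main__":
    for stamp in lrwp_startup_failures(SAMPLE_LOG):
        print(f"{stamp:%Y-%m-%d %H:%M:%S} port 81 (LRWP) startup failure: "
              "check the console for a pending assertion dialog")
```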
