Missing traling '/' Remote Denial of Service Attack Advisory
[february 5th 2000]
UPDATED February 8th
###############################################################
Please, refer to http://bebugs.be.com/devbugs/detail.php3?oid=1229984
as it makes this advisory obsolete...
I discovered this very recently, but it seems it was in the Be inc.
bug database for a while. Thanks goes to Kobie Lurie for giving
me additional informations.
###############################################################


##### OLD ADVISORY HERE #####
Software:  PoorMan webserver
Platform: BeOS R4.5 (i386)


Note: The following has not been test over the PPC platform, please,
let me know if you are able the reproduce it!

Author: Jonathan Provencher
oktober@balistik.net
http://balistik.net


Details:

It is possible to cause the PoorMan webserver to crash (remotly)by 
sending a given URL to the server.  In the case that interests us, a URL
like http://server.com/somedir would make the server crash
and output a Segment Violation in the 'web connection thread'.  It seems
it is the way that the server handles and parse the urls that makes him
vulnerable.  Adding a trailing '/'  would not make the server to crash. I discovered
this very recently, but it seems it was in the Be inc. bug database for a while.
Thanks goes to Kobie Lurie for giving me additional informations.  Sorry
for any redundant alert! ;)


Situation:

The vendor (Be inc.) has not and will not be contacted for this
vulnerability.  This DoS can be worked around by installing the 4.5.2
service pack provided freely by Be inc.  PoorMan's users should really 
consider installing this service pack.


Relevant links:

R4.5.2 Service Pack
http://www-classic.be.com/support/updates/

Be inc.
http://www.be.com
######################