Missing traling '/' Remote Denial of Service Attack Advisory [february 5th 2000] UPDATED February 8th ############################################################### Please, refer to http://bebugs.be.com/devbugs/detail.php3?oid=1229984 as it makes this advisory obsolete... I discovered this very recently, but it seems it was in the Be inc. bug database for a while. Thanks goes to Kobie Lurie for giving me additional informations. ############################################################### ##### OLD ADVISORY HERE ##### Software: PoorMan webserver Platform: BeOS R4.5 (i386) Note: The following has not been test over the PPC platform, please, let me know if you are able the reproduce it! Author: Jonathan Provencher oktober@balistik.net http://balistik.net Details: It is possible to cause the PoorMan webserver to crash (remotly)by sending a given URL to the server. In the case that interests us, a URL like http://server.com/somedir would make the server crash and output a Segment Violation in the 'web connection thread'. It seems it is the way that the server handles and parse the urls that makes him vulnerable. Adding a trailing '/' would not make the server to crash. I discovered this very recently, but it seems it was in the Be inc. bug database for a while. Thanks goes to Kobie Lurie for giving me additional informations. Sorry for any redundant alert! ;) Situation: The vendor (Be inc.) has not and will not be contacted for this vulnerability. This DoS can be worked around by installing the 4.5.2 service pack provided freely by Be inc. PoorMan's users should really consider installing this service pack. Relevant links: R4.5.2 Service Pack http://www-classic.be.com/support/updates/ Be inc. http://www.be.com ######################