COMMAND

    Savant

SYSTEMS AFFECTED

    Savant 3.0

PROBLEM

    'nitr0s' posted once again one of those default DoS attacks.  This
    time against  Savant 3.0.   Not exactly  sure what  the problem is
    because it will handle the  same request from a program  that does
    the same thing.  "Time is a factor" so pay attention.  Connect  to
    the server using telnet or something and type in the following:

        GET / HTTP/1.1
        Host:AAAAAAAAAAAAAAAAAAAA.....

    Where A x 260,  hit return, wait 3  seconds, hit return again  and
    you should see it crash.  This was tested locally and remotely  on
    both Windows98 and NT-4.

    No error messages are given on NT for some reason, the program
    simply terminates.

    If you do not give it the time, it doesn't work?

    Sending the same request using a perl script didn't seem to affect
    the server at all, which is why we can't tell what's wrong.

SOLUTION

    Nothing yet.
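
    A length check on the Host value, applied to the bytes received so
    far, flags the request above before the final return arrives; this
    is an added example, not part of the original advisory or of Savant.
    The 253-character limit (the maximum length of a DNS hostname), the
    function names and the sample requests are assumptions made for the
    example, and since the cause of the crash is not known, the check
    targets only the reported input.

```python
import re

MAX_HOST_LEN = 253  # assumption: longest DNS hostname in text form

def host_values(raw_head: bytes) -> list:
    """Collect every Host header value from a raw (possibly partial) request head."""
    lines = re.split(r"\r?\n", raw_head.decode("latin-1"))
    values = []
    for line in lines[1:]:                 # lines[0] is the request line
        if line == "":
            break                          # blank line, or end of data so far
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            values.append(value.strip())   # "Host:AAAA" without a space still counts
    return values

def check_request(raw_head: bytes) -> str:
    """Return "ok" or a "reject: ..." verdict for the bytes received so far."""
    hosts = host_values(raw_head)
    if len(hosts) > 1:
        return "reject: multiple Host headers"
    if not hosts:
        return "ok"                        # no Host value to measure yet
    hostname = re.sub(r":\d+$", "", hosts[0])   # drop an optional :port
    if len(hostname) > MAX_HOST_LEN:
        return "reject: Host too long (%d)" % len(hostname)
    return "ok"

# Constructed samples. The first mirrors the advisory: 260 characters after
# "Host:", one line ending, and the final blank line not yet sent.
ADVISORY_LIKE = b"GET / HTTP/1.1\r\nHost:" + b"A" * 260 + b"\r\n"
NORMAL = b"GET / HTTP/1.1\r\nHost: www.example.com:8080\r\n\r\n"

if __name__ == "__main__":
    for sample in (ADVISORY_LIKE, NORMAL):
        print(check_request(sample))
```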