COMMAND

    Small HTTP Server

SYSTEMS AFFECTED

    Small HTTP Server ver. 1.212 (maybe others)

PROBLEM

    The Ussr Labs team has recently discovered a buffer overflow in
    the Small HTTP Server. Sending malformed URL information to port
    80 causes the process containing the services to stop responding.

    The HTTP server (port 80) service has an overflow in the GET
    command:

        [hellme@die-communitech.net$ telnet example.com 80
        Trying example.com...
        Connected to example.com.
        Escape character is '^]'.
        GET /[buffer]

    Where [buffer] is approx. 65000 characters, the process containing
    the service crashes.
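
    The length check that guards against this class of failure, as an
    added example: it is not code from Small HTTP Server (whose source
    is not shown here) and not a vendor patch. The names parse_get_line,
    check_oversized and the MAX_URI limit are assumptions chosen for
    illustration.

```c
#include <stddef.h>
#include <string.h>

#define MAX_URI 2048  /* assumed limit; pick one that suits the deployment */

/* Parse "GET <uri> ..." from a received buffer of len bytes (not assumed
 * NUL-terminated). Copies the URI into uri_out (capacity uri_cap, including
 * the terminator). Returns an HTTP status: 200 ok, 400 malformed,
 * 414 URI too long. Never writes more than uri_cap bytes. */
int parse_get_line(const char *buf, size_t len, char *uri_out, size_t uri_cap)
{
    static const char method[] = "GET ";
    size_t mlen = sizeof(method) - 1;
    size_t i, ulen;

    if (uri_cap == 0)
        return 400;
    uri_out[0] = '\0';
    if (len < mlen + 1 || memcmp(buf, method, mlen) != 0 || buf[mlen] != '/')
        return 400;

    /* Measure the URI first: it ends at space, CR, LF or end of data. */
    for (i = mlen; i < len; i++)
        if (buf[i] == ' ' || buf[i] == '\r' || buf[i] == '\n')
            break;
    ulen = i - mlen;

    /* Reject before copying; silent truncation would hide the anomaly. */
    if (ulen >= uri_cap)
        return 414;

    memcpy(uri_out, buf + mlen, ulen);
    uri_out[ulen] = '\0';
    return 200;
}

/* Constructed sample: a request line with a 65000-character path, the size
 * given in the advisory, parsed into a MAX_URI-sized buffer. */
int check_oversized(void)
{
    static char req[5 + 65000 + 2];
    char uri[MAX_URI];
    memcpy(req, "GET /", 5);
    memset(req + 5, 'A', 65000);
    memcpy(req + 5 + 65000, "\r\n", 2);
    return parse_get_line(req, sizeof(req), uri, sizeof(uri));
}
```

    Returning 414 instead of copying also gives operators a log entry
    to alert on when oversized request lines arrive.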

SOLUTION

    Nothing yet.