Tamer Sahin <ts@securityoffice.net> said: >Server crashes after sending very long URL a few times. > >http://host/AAAAAAAAA...(Ax2500)...AAA > >Tested: >Windows 2000 / ZBServer Pro 1.50-r13 It appears that this problem was originally publicized on December 23, 1999. It was reported by USSR to Bugtraq and NTBugtraq in a post titled "Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5" (CVE: CVE-2000-0002). USSR was unable to get a response from the vendor. devix posted a followup stating that the vendor had been notified about the problem in 1997. Dark Spyrit later posted an exploit to Bugtraq which appears to execute arbitrary code, not just cause a DoS. A search for "ZBServer" on various well-known vulnerability repositories produced the following references (note: URLs may be wrapped): http://www.securityfocus.com/archive/1/39597 http://www.securityfocus.com/archive/1/39654 http://www.securityfocus.com/archive/1/44126 http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0002 http://www.securityfocus.com/bid/889 http://xforce.iss.net/static/3809.php A search for "ZBServer" on both AltaVista and Google includes references to the Bugtraq posts on the first page. Vendor links: http://www.zbserver.com/zbserver/index.html (the 1997 copyright date might indicate why the problem has not been fixed) http://www.zbsoft.com/zbserver/support.html - Steve
