-------------------------------------------------------------------- Title: Sitespring Server Denial of Service BUG-ID: 2002028 Released: 01st Jul 2002 -------------------------------------------------------------------- Problem: ======== A malicious user with access to the Sitespring database engine port can crash both the runtime database engine and the Sitespring web service. Vulnerable: =========== - Sitespring 1.2.0(277.1) using Sybase runtime engine v7.0.2.1480 Details: ======== If the sybase database engine receives 1077 x chr(2) + \r\n\r\n it crashes. The web service will crash shortly after the database engine stops. Vendor URL: =========== You can visit the vendor webpage here: http://www.macromedia.com Vendor Response: ================ This was reported to the vendor on the 16th of April, 2002. There is currently no scheduled patch for this vulnerability. Vendor support for Sitespring is planned to end May, 2004. Corrective action: ================== Apply IP filtering to the Sitespring server, so only the local host is allowed to connect to TCP port 2500. On Win2000 or WinXP this can be done using the built-in IP filter functionality. Author: Peter Gründl (pgrundl@kpmg.dk) -------------------------------------------------------------------- KPMG is not responsible for the misuse of the information we provide through our security advisories. These advisories are a service to the professional security community. In no event shall KPMG be lia- ble for any consequences whatsoever arising out of or in connection with the use or spread of this information. --------------------------------------------------------------------
