RhinoSoft DNS4ME HTTP Server Vulnerabilities

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RhinoSoft DNS4ME HTTP Server Vulnerabilities
From: "GulfTech Security" <security@xxxxxxxxxxxx>
Date: Sat, 18 Sep 2004 06:38:51 -0500
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcSddA+CuyQIMsBqQSyf3qGAi2ydGA==

##########################################################
# GulfTech Security Research          September, 16th 2004
##########################################################
# Vendor  : RhinoSoft
# URL     : http://www.dns4me.com/
# Version : RhinoSoft.com DNS4Me Web Server/3.0.0.4
# Risk    : Cross Site Scripting && Denial of service
##########################################################


Description:
DNS4Me is the dynamic DNS service that you need to 
start hosting your own Internet services. When you have 
a dynamic IP address, you need something to associate a 
static domain name with it to make it easier for visitors 
to access the services you provide. With DNS4Me, you can 
take control of your Web site by running your own HTTP 
server. Without a hosting company, you've eliminated the 
cost of hosting as well as a layer of contact between you 
and your Web site. This gives you unparalleled control 
overits configuration, content, and delivery. But the 
benefits of dynamic DNS aren't just for HTTP servers. Any 
service that can make use of a domain name can benefit from 
DNS4Me. This includes FTP servers, e-mail servers, daemons 
for today's popular computer games, NetMeeting. With the 
reliability and excellent support you've come to expect of 
RhinoSoft.com backing up DNS4Me, you'll get a powerful, no 
hassle dynamic DNS solution. The RhinoSoft DNS4ME HTTP server
is prone to multiple vulnerabilities, and users are encouraged
to upgrade as soon as possible.



Cross Site Scripting:
It is possible for an attacker to render malicious code in 
a victims browser by sending them a url to request a 
document on the server(s), which contains A malformed query 
string. 

http://127.0.0.1/?%3E%3Cscript%3Ealert('XSS')%3C/script%3E

Any code in the query string will be executed and cause 
cross site scripting.



Denial of Service:
RhinoSoft.com DNS4Me Web Server is vulnerable to Denial Of 
Service attacks. If a malicious user sends a large amount 
of data to port 80, or the port that the DNS4Me Web Server 
is running on, it will send the CPU usage to 99% and 
eventually crash the affected server. 



Solution:
The developers were contacted last month about these issues. 
They said they needed a month to resolve them. It has been 
one month so users should check their website for an update. 
Also, the RhinoSoft HTTP server may be included in other 
RhinoSoft apps as well. Not sure of this, but something for 
other researchers to look out for.



Related Info:
The original advisory can be found at the following location 
http://www.gulftech.org/?node=research&article_id=00049-09162004



Credits:
James Bercegay of the GulfTech Security Research Team

Prev by Date: Re:[2] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue
Next by Date: Sudo Exploit by Rosiello Security
Previous by thread: Re: Mambo Portal lasted version 4.5.1 (1.09) and lower vesion : SQL injection Vulnerability.
Next by thread: Sudo Exploit by Rosiello Security
Index(es):
- Date
- Thread