------------------------------------------------------------
   - EXPL-A-2006-005 exploitlabs.com Retro Advisory 002 -
------------------------------------------------------------
                      - SHTTPD -







AFFECTED PRODUCTS
=================
SHTTPD < v1.34
http://shttpd.sourceforge.net/



OVERVIEW
========
"SHTTPD is a lightweight web server. The main design
goals are the ease of use  and the ability to embed.
Ideal for personal use, web-based software demos 
(like PHP, Perl etc), quick file sharing.
 A care has been taken to make the code secure"



RETRO-RELEASE DATE:
===================
Oct 10, 2005

Duplicate Release: Oct 06, 2006 
by: sk0de
http://secunia.com/advisories/22294/



DETAILS
=======
SHTTPD is vulnerable to an overly long GET request.

 

SOLUTION
========
patch: Upgrade to v1.35



PROOF OF CONCEPT
================
1.start SHTTPD

2.send an overly long GET request

http://[host]/Ax274 chars ( v1.27 - v1.30 )
http://[host]/Ax256 chars ( v1.34 )
v1.31-v1.33 untested

2a.
PoC by Sk0de
http://www.milw0rm.com/exploits/2482



CREDITS
=======
"sk0de - http://secunia.com/advisories/22294/ "



RETRO-CREDITS
=============
This vulnerability was discovered and researched by 
Donnie Werner of Exploitlabs. At the original time
of discovery and retro-release date, the author was
not aware of any other advisories or research by 3rd parties.


Donnie Werner
wood@exploitlabs.com
morning_wood@zone-h.org

-- 
web:	http://exploitlabs.com

http://exploitlabs.com/files/advisories/EXPL-A-2006-005-shttpd.txt