Tripbit Security Advisory
TA-210603 


Severity: 
Medium/High
Application: 
Twilight WebServer v1.3.3.0
Platform: 
Windows
Class: 
Insufficient Boundary Checking
Release Date: 
June 20th, 2003
Vendor: 
http://www.twilightutilities.com


Overview

Twilight Internet Web Server features:
- Installs in seconds
- Lets you INSTANTLY share pictures and files
- Modem aware
- Automates telling friends and family when you start serving
- Automatically integrates your web camera
- Allows others to send files to you
- Automatically generates web pages
- Supports file resume
- A truly unique files-sharing tool

• Details
A security vulnerability in Twilight WebServer allows remote attackers to crash the server by sending two and too long GET requests with a size of 1052 bytes and more for each request.

• Recommendation
Upgrade your Twilight WebServer to the new fixed version v.1.3.4.0. This version is available at http://www.twilightutilities.com.

Vendor Response
The vendor has been notified. He didn't answer to our report, but since yesterday there is a new fixed version available for download.

• Disclaimer
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an 'AS IS' condition. There are 'NO' warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

• Additional information
This vulnerability has been found and researched by:

posidron posidron@tripbit.org

rushjo rushjo@tripbit.org

• Availability
You can find the latest version of this warning under the following URL:

http://www.tripbit.org/advisories/TA-210603.html