Subject: [w00giving '99 #15] Savant v2.0 web server
Release Date: December 28, 1999
Systems Affected: Savant v2.0 for Win 9X/NT/2K and possibly others
About The Software:
Savant provides support for most modern web features and technologies.
UssrLabs found a vulnerability that would allow someone to crash a Savant
web server by passing a NUL ('\0') character in the GET (HTML) routine.
The result of the crash, stored in C:\Savant\Logs\general.txt, looks like:
Attacker Ip - - [20/Dec/1999:00:10:27 -0300] "GET
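One way to spot the log artifact described above, as an added example (not part of the original advisory and not Savant's code): a Python check that flags access-log entries that stop inside the quoted request or contain a raw NUL byte. It assumes general.txt follows the Common Log Format suggested by the excerpt; the sample lines, IP addresses and function names are constructed for illustration.

```python
import re

# Complete Common Log Format entry: host ident user [time] "request" status size
CLF_FULL = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
# Entry that stops inside the quoted request, like the advisory's log excerpt
CLF_CUT = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)$'
)

# Constructed sample log (assumed format; addresses are documentation IPs)
SAMPLE_LOG = (
    b'192.0.2.10 - - [20/Dec/1999:00:09:58 -0300] "GET /index.html HTTP/1.0" 200 1043\r\n'
    b'192.0.2.77 - - [20/Dec/1999:00:10:27 -0300] "GET\r\n'
    b'192.0.2.10 - - [20/Dec/1999:00:11:02 -0300] "GET /a\x00b HTTP/1.0" 200 10\r\n'
)

def classify(line: bytes) -> str:
    """Return 'ok', 'nul', 'truncated' or 'unparsed' for one raw log line."""
    if b"\x00" in line:
        return "nul"                  # a raw NUL byte reached the log file
    text = line.decode("latin-1").rstrip("\r\n")
    if CLF_FULL.match(text):
        return "ok"
    if CLF_CUT.match(text):
        return "truncated"            # request field was never closed
    return "unparsed"

def suspicious_entries(raw: bytes):
    """Yield (line_number, verdict, host) for entries worth investigating."""
    # bytes.splitlines() splits only on CR/LF, so an embedded NUL stays in its line
    for number, line in enumerate(raw.splitlines(), 1):
        verdict = classify(line)
        if verdict in ("nul", "truncated"):
            host = line.split(b" ", 1)[0].decode("latin-1")
            yield number, verdict, host

if __name__ == "__main__":
    for number, verdict, host in suspicious_entries(SAMPLE_LOG):
        print(f"line {number}: {verdict} request from {host}")
```

Read the log in binary mode when running this against a real file, so a NUL byte is not lost or altered by text decoding.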
Do you do the w00w00?
This advisory also acts as part of w00giving. This is another contribution
to w00giving for all you w00nderful people out there. You do know what
w00giving is, don't you? http://www.w00w00.org/advisories.html
Vendor Status: Contacted
Program URL: http://hera.wku.edu/~lamonml/savant/download.html
Because source to Savant isn't public, wait for the vendor to provide a
eEye, Attrition, w00w00, beavuh, Rhino9, ADM, L0pht, HNN, Technotronic and
u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h