greatis / open-hardware-monitor

Automatically exported from code.google.com/p/open-hardware-monitor
1 stars 0 forks source link

Remote DoS with Nmap in Windows XP #459

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Openhardwaremonitor crashes when using Nmap to scan the TCP-port web-service 
OHM is listening in Windows XP SP3. This doesn't work in Windows 7.

Using Nmap 6.25 with -P0 -sV and OHM 0.5.1 Beta.

This is the output:

"""
Version: 0.5.1.0

System.Net.ProtocolViolationException: Cannot send a content-body with this 
verb-type.
   at System.Net.HttpResponseStream.ComputeLeftToWrite()
   at System.Net.HttpResponseStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at OpenHardwareMonitor.Utilities.HttpServer.serveResourceFile(HttpListenerContext context, String name, String ext)
   at OpenHardwareMonitor.Utilities.HttpServer.ListenerCallback(IAsyncResult result)
   at System.Net.LazyAsyncResult.Complete(IntPtr userToken)
   at System.Net.LazyAsyncResult.ProtectedInvokeCallback(Object result, IntPtr userToken)
   at System.Net.ListenerAsyncResult.WaitCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)

Common Language Runtime: 2.0.50727.3603
Operating System: Microsoft Windows NT 5.1.2600 Service Pack 3
Process Type: 32-Bit
"""

Screenshot of the error situation attached. After the error-message OWM exits. 
I can give you PoC in Python if needed.

Original issue reported on code.google.com by he...@nerv.fi on 9 Apr 2013 at 9:40

Attachments: