thttpd - the trivial http daemon they are talking about here is NOT the original thttpd that comes with deception toolkit. This server was proven secure years ago, and while it may reside on computers that are vulnerable to denial of service attacks, the original thttpd has NO SUCH VULNERABILITY! This is the risk of modifying a reall secure server - assuming they didn't just take the name as their own. For the real thttpd, goto all.net and load it with the rest of Deception Toolkit. FC > Advisory Name: Brickserver thttpd DoS and possible risk of buffer overflow > Release Date: 01/09/2001 > Application: thttpd with modifications added by the vendor > Platform: Brickserver Small Business Model > Severity: Attackers can easily crash thttpd and possible find an > exploitable buffer overflow > Author(s): lockdown > banned-it > Vendor Status: Sage inc. has been notifie -- Fred Cohen at Sandia National Laboratories at tel:925-294-2087 fax:925-294-1225 Fred Cohen & Associates: http://all.net - [EMAIL PROTECTED] - tel/fax:925-454-0171 Fred Cohen - Practitioner in Residence - The University of New Haven This communication is confidential to the parties it is intended to serve. PGP keys: https://all.net/pgpkeys.html - Have a great day!!!
