GCALDaemon Content-Length Header Denial of Service Vulnerability

Bugtraq ID:	25704
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-4980
Remote:	Yes
Local:	No
Published:	Sep 18 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	Luca Carettoni is credited with discovering this vulnerability.
Vulnerable:	GCALDaemon GCalDaemon 1.0-beta13
Not Vulnerable:	GCALDaemon GCalDaemon 1.0-beta14

GCALDaemon Content-Length Header Denial of Service Vulnerability

GCALDaemon is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted HTTP GET requests

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects GCALDaemon 1.0-beta13; other versions may also be affected.

GCALDaemon Content-Length Header Denial of Service Vulnerability

An attacker can exploit this issue by using readily available network utilities.

The following exploit code is available:

• /data/vulnerabilities/exploits/25704.pl

GCALDaemon Content-Length Header Denial of Service Vulnerability

Solution:
GCALDaemon 1.0-beta14 has been released to address this issue. Please see the references for more information.

GCALDaemon Content-Length Header Denial of Service Vulnerability

References:

• GCALDaemon 1.0 beta14 released (GCALDaemon)
  
• GCALDaemon Homepage (GCalDaemon)
  
• GCALDaemon Remote DoS ([email protected])