DB Electronica Telecomunicazioni Mozart FM Transmitter Infinite Loop Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000. The issue arises in the 'status_contents.php' file, where a failed file deletion operation creates an infinite loop. The script calls unlink() inside a while loop; if the specified file is immutable or the process lacks the permissions needed to delete it, the script keeps attempting the deletion and never exits the loop, resulting in a denial-of-service condition.
Impact
Exploitation of this vulnerability causes a CPU spin, with the process consuming 100% of a core. This can be amplified by sending multiple simultaneous requests, exhausting the server's worker pool and rendering the web interface unresponsive.
Reproduction
The vulnerability can be reproduced by sending a POST request to 'status_contents.php' with the 'deletehidden' parameter set to a filename that is either immutable or located in a directory where the web server lacks permission to delete files. The script will then enter an infinite loop, repeatedly checking if the file has been deleted.
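The loop described above next to a bounded alternative, as an added PHP example that is not the vendor's code. DEMO_DIR and both function names are hypothetical, the demo files are constructed, and the bare-filename check is a hardening choice of this example.

```php
<?php
// Added illustration, not the vendor's status_contents.php.
// DEMO_DIR and both function names are hypothetical.
const DEMO_DIR = '/tmp/mozart_unlink_demo';

// The pattern the advisory describes: if unlink() keeps failing,
// file_exists() stays true and the loop never ends. Defined for
// comparison only; the demo below never calls it.
function delete_unbounded(string $path): void
{
    while (file_exists($path)) {
        @unlink($path);
    }
}

// Bounded form: one attempt, failure is reported instead of retried.
function delete_once(string $name): bool
{
    // Accept a bare filename only (hardening choice of this example).
    if ($name === '' || $name === '.' || $name === '..' || $name !== basename($name)) {
        return false;
    }
    $path = DEMO_DIR . '/' . $name;
    if (!is_file($path)) {
        return false; // nothing to delete
    }
    // unlink() returns false for an immutable file or a directory the
    // process cannot write to; pass that to the caller.
    return @unlink($path);
}

// Constructed demo: a deletable file, then one the process cannot remove.
@mkdir(DEMO_DIR, 0700, true);
file_put_contents(DEMO_DIR . '/ok.txt', 'x');
file_put_contents(DEMO_DIR . '/locked.txt', 'x');
var_dump(delete_once('ok.txt'));

chmod(DEMO_DIR, 0500);               // drop write permission on the directory
var_dump(delete_once('locked.txt')); // returns promptly; root would still succeed
chmod(DEMO_DIR, 0700);               // restore and clean up
@unlink(DEMO_DIR . '/locked.txt');
rmdir(DEMO_DIR);
```

In a request handler, a false return would map to an error response rather than another deletion attempt.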
