[10406] in bugtraq
Re: NT/Exceed D.O.S.
daemon@ATHENA.MIT.EDU (Andrew Pitman)
Sat May 1 13:14:51 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.3.96.990430161625.30309C-100000@torch.rowan.edu>
Date: Fri, 30 Apr 1999 16:20:21 -0400
Reply-To: Andrew Pitman <ap1@TORCH.ROWAN.EDU>
From: Andrew Pitman <ap1@TORCH.ROWAN.EDU>
X-To: Jamie Lawrence <jal@THIRDAGE.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <4.1.19990429115217.04e717b0@mail.thirdage.com>
Jamie,
Ditto for 6.1 on Win95. Appears to be fixed in 6.1, among other bugs,
including an incompatibility with DEC Windows that was causing problems at
my shop.
Andrew
--
"The wonderful thing about standards is that there are so
many to choose from."
(Andrew S. Tanenbaum)
+-----------------------------+---------------------------------+
| Andrew Pitman | Management Information Systems, |
| Unix System Administrator/ | Technology Operations Support |
| Webmaster | at Rowan University |
+-----------------------------+---------------------------------+
On Thu, 29 Apr 1999, Jamie Lawrence wrote:
> I couldn't reproduce either effect with Exceed 6.1 under NTsp3.
> Everything behaved normally, both for new and existing sessions.
>
> -j
>
> At 01:57 PM 4/28/99 -0700, Matt Wilbur wrote:
> >Exceed (an X server, not an X emulator) version 6.0.1.0 on NT appears to
> >have fixed this problem, somewhat...
> >
> >Telnetting to port 6000 locks the server up for 20-30 seconds, but it
> >recovers eventually. Not surprisingly, using netcat has the same effect...
> >although, contrary to Chris's findings with Exceed 5, I didn't need to send
> >any garbage characters, the connection alone did the job. Also, it works
> >from any host, not just the one the xdm session had been initiated with,
> >regardless of host access settings in Xconfig, Exceeds "configuration" tool.
> >
> >
> >I'd still consider this DoS-bait, when you imagine a one-liner to
> >continuously connect to port 6000 of your favorite Exceed user's machine.
> >
> >Matt Wilbur
> >
> >[snip]
> >>
> >> This is regarding Hummingbird's Exceed X emulator v5 (and possibly v6)
> >> running on Windows NT. I haven't tested Win95/98.
> >>
> >> The Exceed X server allows inbound TCP connections on port
> >> 6000 from the XDM> host. If someone uses telnet from the XDM host to
> >connect to
> >> a PC running Exceed on port 6000 and enters any garbage text, the X server
> >
> >> will hang and the Exceed session is frozen for good.
> >>
> >> I have notified Hummingbird via their tech support web site
> >> but have not received a response yet.
> >>
> >> Chris LaFournaise
> >> cjlafournaise@escocorp.com
> >>
>
