[10426] in bugtraq


Re: NT/Exceed D.O.S.

daemon@ATHENA.MIT.EDU (David Poythress)
Mon May 3 19:30:20 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-Id: <2156E4186356D211A59000403351C3CE079D@nt.home>
Date: 	Sat, 1 May 1999 19:26:34 -0500
Reply-To: David Poythress <david.poythress@BENDER.TZO.COM>
From: David Poythress <david.poythress@BENDER.TZO.COM>
To: BUGTRAQ@NETSPACE.ORG

This seems to have been fixed at some point; connecting and/or spewing
random data to exceedhost 6000-6010 has no discernible effect on exceed
6.1.0 under win98 or NTsp4.

A denial of service is still possible though: Exceed defaults to allowing
128 connections from the xdm host, but counts a telnet connection as though
it were a connection from a valid X client.  Once the max number of
connections is reached, subsequent attempts to the X port range are refused.

--
     David Poythress				   dp@qni.com

          "Grammar, which controls even kings ..." --Moliere


		-----Original Message-----
		From:	LaFournaise, Chris J. [mailto:cjlafournaise@ESCOCORP.COM]
		Sent:	Tuesday, April 27, 1999 15:29
		To:	BUGTRAQ@netspace.org
		Subject:	NT/Exceed D.O.S.

		This is regarding Hummingbird's Exceed X emulator v5 (and possibly v6)
		running on Windows NT.  I haven't tested Win95/98.

		The Exceed X server allows inbound TCP connections on port 6000 from the XDM
		host.  If someone uses telnet from the XDM host to connect to a PC running
		Exceed on port 6000 and enters any garbage text, the X server will hang and
		the Exceed session is frozen for good.

		I have notified Hummingbird via their tech support web site but have not
		received a response yet.

		Chris LaFournaise
		cjlafournaise@escocorp.com
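
Added example, not part of either message and not Exceed's code: a sketch of how an X server could avoid charging one of its 128 client slots to a connection that never sends a well-formed X11 connection-setup request, which is the accounting flaw described in the reply. The names `parse_x11_setup`, `SlotTable` and `VALID_SETUP` are hypothetical, and the admission policy is an assumption about one possible mitigation.

```python
import struct

MAX_CLIENTS = 128  # Exceed's default connection limit, per the post

def parse_x11_setup(buf):
    """Parse an X11 connection-setup request.
    Returns (major, minor, auth_name), None if more bytes are needed,
    or raises ValueError if the bytes cannot be an X11 client."""
    if not buf:
        return None
    if buf[0] == 0x42:        # 'B': client is big-endian
        order = ">"
    elif buf[0] == 0x6C:      # 'l': client is little-endian
        order = "<"
    else:
        raise ValueError("bad byte-order mark")
    if len(buf) < 12:
        return None
    major, minor, name_len, data_len = struct.unpack(order + "HHHH", buf[2:10])
    if major != 11:
        raise ValueError("not X protocol version 11")
    pad4 = lambda n: (n + 3) & ~3          # fields are padded to 4 bytes
    if len(buf) < 12 + pad4(name_len) + pad4(data_len):
        return None
    return major, minor, buf[12:12 + name_len].decode("ascii", "replace")

class SlotTable:
    """Hypothetical admission policy: a connection takes a client slot only
    after a well-formed setup request. A real server would also time out
    and cap the pending set."""
    def __init__(self, limit=MAX_CLIENTS):
        self.limit, self.pending, self.clients = limit, {}, set()

    def feed(self, conn_id, data):
        buf = self.pending.pop(conn_id, b"") + data
        try:
            setup = parse_x11_setup(buf)
        except ValueError:
            return "rejected"              # e.g. text typed into telnet
        if setup is None:
            self.pending[conn_id] = buf
            return "pending"
        if len(self.clients) >= self.limit:
            return "refused"
        self.clients.add(conn_id)
        return "admitted"

# Constructed sample: little-endian X11.0 setup with a zeroed 16-byte cookie.
VALID_SETUP = (struct.pack("<BxHHHHxx", 0x6C, 11, 0, 18, 16)
               + b"MIT-MAGIC-COOKIE-1" + b"\0\0" + bytes(16))
```
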
