[12729] in bugtraq
Remote DoS Attack in WorldClient Server v2.0.0.0 Vulnerability
daemon@ATHENA.MIT.EDU (Ussr Labs)
Fri Nov 26 01:44:40 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <NCBBKFKDOLAGKIAPMILPOEPCCAAA.labs@ussrback.com>
Date: Wed, 24 Nov 1999 22:19:38 -0300
Reply-To: Ussr Labs <labs@USSRBACK.COM>
From: Ussr Labs <labs@USSRBACK.COM>
X-To: BUGTRAQ <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM
Remote DoS Attack in WorldClient Server v2.0.0.0 Vulnerability
PROBLEM:
UssrLabs found a buffer overflow in WorldClient Server v2.0.0.0 where they
do not use proper bounds checking.
The following all result in a Denial of Service against the service in
question.
affected services:
WorldClient: Port 2000
This two remotes services are affected to overflow of you send a large url
name.
Like: http:/serverip/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
For the Binary / Source for this WorldClient Server v2.0.0.0 Denial of
Service:
Go To: http://www.ussrback.com/mdeam285/
Vendor Status:
Contacted.
Vendor Url: http://www.mdaemon.com
Credit: USSRLABS
SOLUTION
Nothing yet.
u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h
http://www.ussrback.com
