[20569] in bugtraq
Advisory for Vdns
daemon@ATHENA.MIT.EDU (neme-dhc@HUSHMAIL.COM)
Tue May 8 11:37:04 2001
Content-type: multipart/mixed;
boundary="Hushpart_boundary_FdaDvybGsVhGMHQGlSbyWXZwvZCaTwrX"
Mime-version: 1.0
Message-ID: <200105072333.QAA21737@user7.hushmail.com>
Date: Mon, 7 May 2001 19:35:37 -0500
Reply-To: neme-dhc@HUSHMAIL.COM
From: neme-dhc@HUSHMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM
--Hushpart_boundary_FdaDvybGsVhGMHQGlSbyWXZwvZCaTwrX
Content-type: text/plain
[ Advisory for VdnsServer ]
[ VdnsServer is sold by ZFC and Hughestech ]
[ Site: http://www.zfc.com | www.hughesnet.net ]
[ by nemesystm of the DHC ]
[ (http://dhcorp.cjb.net - neme-dhc@hushmail.com) ]
[ ADV-0121 ]
/-|=[explanation]=|-\
Virtual DNS (Vdns) allows users with DSL & ADSL type
connections to run their own web server with their
own domain name. It suffers from a denial of
service.
/-|=[who is vulnerable]=|-\
VdnsServer 1.0
has been tested and was vulnerable.
/-|=[testing it]=|-\
By opening up a connection to 6070, sending it some
info and then cutting of the connection, Vdns goes
into a state of "Default.Closed" and will not allow
any other connections.
I have made a perl script that exploits this. It is
in the advisory that is available on the DHC site.
http://www.emc2k.com/dhcorp/homebrew/vdns.zip
/-|=[fix]=|-\
Download VdnsServer 2.0
Free, encrypted, secure Web-based email at www.hushmail.com
--Hushpart_boundary_FdaDvybGsVhGMHQGlSbyWXZwvZCaTwrX--
