[20592] in bugtraq
Denicomp REXECD/RSHD Denial of Service Vulnerability
daemon@ATHENA.MIT.EDU (SNS Research)
Fri May 11 11:49:08 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <114567037.20010503212742@greyhack.com>
Date: Thu, 3 May 2001 21:27:42 +0200
Reply-To: SNS Research <vuln-dev@greyhack.com>
From: SNS Research <vuln-dev@greyhack.com>
To: BUGTRAQ@SECURITYFOCUS.COM
Strumpf Noir Society Advisories
! Public release !
<--#
-= Denicomp REXECD/RSHD Denial of Service Vulnerability =-
Release date: Thursday, May 3, 2001
Introduction:
Denicomp's REXECD and RSHD products are ports of their counterparts
on Unix-based systems, allowing the use of the rcp, rsh and rexec
commands on machines running MS Windows.
These products can be obtained through the vendors website at:
http://www.denicomp.com
Problem:
There exists a problem in the port-handling code of mentioned
products which exposes the services provided by these to a DoS attack.
When a string of +/- 4300 bytes is sent to the listening port of
the REXEC and/or RSH daemons (defaulting to the standard 512 and
514 ports), the service in question will die.
A restart will be needed to regain full functionality.
(..)
Solution:
Vendor has been notified and has verified this problem. New versions
of these products will be released from the vendor's website shortly.
Vulnerable:
WINNT/WIN2K:
Denicomp Winsock RSHD/NT v2.18.00 (Intel)
Denicomp Winsock RSHD/NT v2.17.07 (DEC Alpha)
Denicomp Winsock REXECD/NT v1.05.00 (Intel)
Denicomp Winsock REXECD/NT v1.04.08 (DEC Alpha)
Win95/98/ME:
Denicomp Winsock RSHD/95 v2.18.03
Denicomp Winsock REXECD/95 v1.00.02
Earlier versions are expected to be vulnerable as well, users are
encouraged to upgrade.
yadayadayada
Free sk8! (http://www.freesk8.org)
SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)
compliant, all information is provided on AS IS basis.
EOF, but Strumpf Noir Society will return!
