__________________________________________________________
S.A.F.E.R. Security Bulletin 980708.DOS.1.1
__________________________________________________________
TITLE : Vulnerability with CSM Proxy 4.1
DATE : July 8, 1998
NATURE : Denial-of-Service
PLATFORMS : Windows NT, Windows 95/98
DETAILS:
If a user sends 1030 characters or more to the FTP port (21), CSM Proxy will
crash and raise CPU usage to 100%. A restart of the proxy (Win95) or a reboot
(NT) is needed in order to recover system functionality.
CSM Proxy accepts the connection, even accepts a username/password, and only
then checks whether the user is authorized (depending on source IP address) to
access the proxy server at all. This allows any user on the Internet/Intranet
to connect to port 21, send characters and crash the CSM Proxy server along
with Windows NT. If CSM Proxy is located behind a firewall, only Intranet
users are a threat.
FIXES:
CSM (http://www.csm-usa.com and http://www.csm.co.at) have been notified,
and it is expected that CSM will publish an updated version soon.
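The ordering problem described under DETAILS, shown corrected as an added example (not code from S.A.F.E.R. or CSM): the source address is checked before any input is parsed, and each command line is read into a bounded buffer. The 512-byte limit, the 192.168.1.0/24 allowlist and all function names are assumptions; the advisory does not state the root cause of the crash.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_CMD 512          /* assumed per-line limit, not from the advisory */

enum verdict { ACCEPT = 0, REJECT_ACL = 1, REJECT_TOO_LONG = 2, NEED_MORE = 3 };

/* Constructed allowlist: 192.168.1.0/24 (host byte order). */
static const uint32_t ALLOW_NET  = 0xC0A80100u;
static const uint32_t ALLOW_MASK = 0xFFFFFF00u;

static int ip_allowed(uint32_t src)
{
    return (src & ALLOW_MASK) == ALLOW_NET;
}

/* Copy one command line (terminated by '\n') from in[] into out[].
 * Never writes more than out_cap bytes; an overlong line is reported
 * instead of being copied, and an incomplete one is left for later. */
static enum verdict read_command(const char *in, size_t in_len,
                                 char *out, size_t out_cap)
{
    const char *nl = memchr(in, '\n', in_len);
    size_t n = nl ? (size_t)(nl - in) : in_len;

    if (n >= out_cap)            /* no room for line + NUL: refuse */
        return REJECT_TOO_LONG;
    if (nl == NULL)              /* short but incomplete: wait for more */
        return NEED_MORE;
    if (n > 0 && in[n - 1] == '\r')
        n--;                     /* strip the CR of CRLF */
    memcpy(out, in, n);
    out[n] = '\0';
    return ACCEPT;
}

/* Source-address check runs first, so an unauthorized peer's bytes
 * are never parsed; only then is the bounded read attempted. */
enum verdict handle_peer(uint32_t src, const char *in, size_t in_len,
                         char *cmd, size_t cmd_cap)
{
    if (!ip_allowed(src))
        return REJECT_ACL;
    return read_command(in, in_len, cmd, cmd_cap);
}
```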
__________________________________________________________
S.A.F.E.R. - Security Alert For Entreprise Resources
Copyright (c) 1998 Siam Relay Ltd.
http://siamrelay.com/safer --- security@xxxxxxxxxxxxx
__________________________________________________________
________________________________________________________
SiamAlert - Security Services for Asia-Pacific
Copyright (c) 1998 Siam Relay Ltd.
http://www.siamrelay.com --- security@xxxxxxxxxxxxx
________________________________________________________