Bugtraq mailing list archives
Re: NOBO denial of service
From: flaviovs () CENTROIN COM BR (Flavio Veloso)
Date: Tue, 9 Feb 1999 16:59:44 -0200
On Thu, 4 Feb 1999, Andrew J. Gavin wrote:
As reported by i-kran () USA NET approximately a week ago, nobo (a back orifice scanning detector) has a buffer overflow problem that will crash the program remotely. Sending a UDP packet (larger than 1024 bytes) will give the error: A network error has ocurred: Message too long (10040-92) Sending 15 of these packets (the minimum required) will crash nobo (stack fault in kernel32.dll), with NOTHING recorded to the log file or to the screen.
(...) Although this doesn't look like a buffer overflow (it is not a buffer overflow in NOBO code), it's really a DoS. NOBO uses "async select" to know when data is waiting to be read in its socket. For those people which doesn't know how this feature work, Windows send an ordinary window message to NOBO whenever its socket has data to be read. The problem seems to be that NOBO isn't dealing with the packet fast enough and, as messages are being delivered (directly to the message proc instead of being posted to the message queue), Windows can't keep up with its call stack and segfault. Anyway, a new version of NOBO (1.3) was released to handle this issue, the fact it wasn't logging the IP address of big packets received, plus flood detection along with other features. NOBO can be retrieved from its site at http://web.cip.com.br/nobo/. -- Flavio
Current thread:
- Re: Unsecured server in applets under Netscape, (continued)
- Re: Unsecured server in applets under Netscape Giao Nguyen (Feb 03)
- Re: Unsecured server in applets under Netscape Tramale K. Turner (Feb 03)
- Re: Unsecured server in applets under Netscape Alex Muntada (Feb 05)
- Re: Unsecured server in applets under Netscape Giao Nguyen (Feb 03)
- Net::RawIP 0.05 has been released Sergey V. Kolychev (Feb 03)
- Buffer overflow and OS/390 Do-Geun Jo (Feb 04)
- Re: Unsecured server in applets under Netscape Tor Houghton (Feb 04)
- Microsoft Access 97 Stores Database Password as Plaintext Donald Moore (Feb 04)
- Widespread Router Access Port DoS HD Moore (Feb 04)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Ernie Souhrada (Feb 04)
- NOBO denial of service Andrew J. Gavin (Feb 04)
- Re: NOBO denial of service Flavio Veloso (Feb 09)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Ricardo Peres (Feb 04)
- Re: Unsecured server in applets under Netscape Philip Stoev (Feb 03)