Bugtraq mailing list archives
Advisory for Electrocomm 2.0
From: neme-dhc () HUSHMAIL COM
Date: Mon, 7 May 2001 19:33:18 -0500
[ Advisory for Electrocomm ] [ Electrocomm is made by Electrosoft ] [ Site: http://www.esei.com ] [ by nemesystm of the DHC ] [ (http://dhcorp.cjb.net - neme-dhc () hushmail com) ] [ ADV-0118 ] /-|=[explanation]=|-\ ElectroComm allows you to connect to a comm port on a computer over a network using any Telnet client. The program can fall victim to a denial of service. /-|=[who is vulnerable]=|-\ Electrocomm 2.0 has been tested to be vulnerable. Prior versions are assumed to be vulnerable as well. /-|=[testing it]=|-\ Sending two bursts of characters with a length of about 160000 each to port 23 will peg CPU to 100% and then crash with: Run-time error '381': Invalid array index. I have made a perl script that exploits this. It is in the advisory that is available on the DHC site. http://www.emc2k.com/dhcorp/homebrew/electro.zip /-|=[fix]=|-\ None known at the moment. Free, encrypted, secure Web-based email at www.hushmail.com
Current thread:
- Advisory for Electrocomm 2.0 neme-dhc (May 08)