Vulnerability Development mailing list archives
Re: Possible MultiNet FTP server DoS problem.
From: lnapier () CISCO COM (Lisa Napier)
Date: Thu, 23 Dec 1999 14:17:33 -0800
Hi, Unfortunately, none of my VMS machines are available to the outside world, but I was able to confirm a problem on MultiNet version 4.0C. In our testing we were not able to crash the machine, though we did see the problem you describe. I'll work with version 4.2 a bit later today, but expect the same behavior. In discussing with colleagues what would theoretically happen, using up all the channels *could* result in the machine falling over, but it would simply reload & come right back up with services available. Annoying and disruptive, but not terminal. This is theory only -- as I said, in testing I was not able to crash the system. Are you willing to share your exploit, and allow me to test for you & report back the results? I'm also running a MultiNet FTP server on Win95, but it's not really the same.:) Also, have you reported the problem to Process, who now owns MultiNet? Thanks, Lisa Napier Product Security Incident Response Team Cisco Systems At 01:54 PM 12/21/1999 +0300, CyberPsychotic wrote:
Hey, Anyone runs MultiNet FTP server on VMS and don't mind to let me test out if the problem I found recently really could drive the machine to crash? This ftp daemon doesn't timeout/close connection when before it authenticates user, which seems to be quite serious problem until VMS has some sort of iternal protection against too many opened connections. I've done some code to perform quick tests but don't feel like bothering random internet boxens :) cheers, -F
Current thread:
- Re: ssh quirks..., (continued)
- Re: ssh quirks... Blue Boar (Dec 27)
- Re: ssh quirks... Ralph the Wonder Llama (Dec 27)
- Re: ssh quirks... LaMont Jones (Dec 27)
- Re: ssh quirks... Kev (Dec 28)
- Re: ssh quirks... Mark Rafn (Dec 28)
- Re: BSD chfn bug Warner Losh (Dec 27)
- any user can make hard links in Unix Benjamin Elijah Griffin (Dec 21)
- Re: any user can make hard links in Unix Bennett Todd (Dec 22)
- A Bug in the Recently Released BetaFTPD0.0.8pre7 (fwd) Bubonic (Dec 21)
- Possible MultiNet FTP server DoS problem. CyberPsychotic (Dec 21)
- Re: Possible MultiNet FTP server DoS problem. Lisa Napier (Dec 23)
- MSIE print feature Anonymous Anonymous (Dec 24)
- procmail / Sendmail - five bugs Michal Zalewski (Dec 23)