Bugtraq mailing list archives
Winsock 2.0 DoS
From: johnr () CSH RIT EDU (John Robinson)
Date: Wed, 11 Mar 1998 21:24:19 -0500
If a user has the newest winsock patch for winsock 2.0, which can be located at : http://www.microsoft.com/windows95/info/ws2.htm and attempts to do an address lookup on a address which doesn't exist and is 13 characters long winsock will fault. This has been reproduced on several computers and it takes a couple of seconds of looking up to occur. This happens with every winsock program I've tested including Netscape 3, Ie 3.0, and MS ping. Example sites that work are: www.socois.cool www.pcorner.org blahd.yahoo.com This apparently only works on names that are exactly 13 characters long (not including periods). This is dangerous because web pages can simply redirect browswers to these pages or put img sources equal to nonexistent address entries which will crash winsock. johnr ------------------------------------------------------------------------ John Robinson johnr () csh rit edu jjr4693 () rit edu robinson () foothills net "Twenty years from now you will be more disappointed by the things you didn't do than by the things you did do. So throw off the bowlines. Sail away from the safe harbor. Catch the trade winds in your sails. Explore. Dream. Discover." Mark Twain ------------------------------------------------------------------------
Current thread:
- More broadcast fun, (continued)
- More broadcast fun T. Freak (Mar 14)
- Midnight Commander /tmp race Michal Zalewski (Mar 15)
- Re: Midnight Commander /tmp race Pavel Kankovsky (Mar 17)
- Re: Midnight Commander /tmp race willy () SNOWYOWL CSU AC RU (Mar 17)
- Re: Midnight Commander /tmp race Pavel Kankovsky (Mar 18)
- Solaris printd security vulnerability Aleph One (Mar 11)
- Sun Security Bulletin #00165 Aleph One (Mar 11)
- Fwd: Sun Security Bulletin #00166 Tony Hagale (Mar 11)
- SLMail 2.6 DoS Steven (Mar 11)
- SLMail 2.6 DoS - Imail also Jon (Mar 11)
- Winsock 2.0 DoS John Robinson (Mar 11)
- Re: Winsock 2.0 DoS Henri Karrenbeld (Mar 12)
- more testing of Winsock 2.0 DoS Velocet (Mar 12)
- Re: Winsock 2.0 DoS stevep () ee pdx edu (Mar 12)
- InfoSecurity News jericho () DIMENSIONAL COM (Mar 13)
- Chase Bank joey.wheel (Mar 13)
- Win95 Winsock 2.0 DoS Russ (Mar 13)
- Problems with MDaemon 2.7.1 Development Team (Mar 12)
- FreeBSD Security Advisory: FreeBSD-SA-98:01.land Aleph One (Mar 12)
- FreeBSD Security Advisory: FreeBSD-SA-98:02.mmap Aleph One (Mar 12)
- SGI Security Advisory 19980301-01-PX - startmidi/stopmidi, SGI Security Coordinator (Mar 12)