Bugtraq mailing list archives
NOBO denial of service
From: gavina () RIVER IT GVSU EDU (Andrew J. Gavin)
Date: Thu, 4 Feb 1999 16:52:00 -0500
As reported by i-kran () USA NET approximately a week ago, nobo (a back orifice scanning detector) has a buffer overflow problem that will crash the program remotely. Sending a UDP packet (larger than 1024 bytes) will give the error: A network error has ocurred: Message too long (10040-92) Sending 15 of these packets (the minimum required) will crash nobo (stack fault in kernel32.dll), with NOTHING recorded to the log file or to the screen. I tested this against nobo 1.2 from both Windows 98 and linux, giving the same results. Using 'assault' (included with the mIRC script "7th sphere", I believe) in Windows, for example, I was able to send 15 UDP packets at 1025 bytes in size, crashing my nobo. In linux, I was able to crash my nobo by echoing a string 1025 characters in length, piping it through nc (with the -u flag), and repeating 14 more times. I'm sure some nice scripts could be written to do this to a class C subnet. The only drawback to this is that it would be rather bandwidth-intensive (15 x 1025 bytes x 255). ---------- gavina () river it gvsu edu k3nny or ChazeFroy on Efnet IRC
Current thread:
- Re: Unsecured server in applets under Netscape, (continued)
- Re: Unsecured server in applets under Netscape BVE (Feb 02)
- Re: Unsecured server in applets under Netscape Giao Nguyen (Feb 03)
- Re: Unsecured server in applets under Netscape Tramale K. Turner (Feb 03)
- Re: Unsecured server in applets under Netscape Alex Muntada (Feb 05)
- Re: Unsecured server in applets under Netscape Giao Nguyen (Feb 03)
- Net::RawIP 0.05 has been released Sergey V. Kolychev (Feb 03)
- Buffer overflow and OS/390 Do-Geun Jo (Feb 04)
- Re: Unsecured server in applets under Netscape Tor Houghton (Feb 04)
- Microsoft Access 97 Stores Database Password as Plaintext Donald Moore (Feb 04)
- Widespread Router Access Port DoS HD Moore (Feb 04)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Ernie Souhrada (Feb 04)
- NOBO denial of service Andrew J. Gavin (Feb 04)
- Re: NOBO denial of service Flavio Veloso (Feb 09)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Ricardo Peres (Feb 04)
- Re: Unsecured server in applets under Netscape Philip Stoev (Feb 03)
- Re: Unsecured server in applets under Netscape BVE (Feb 02)