Bugtraq mailing list archives

Remote DoS Attack in WorldClient Server v2.0.0.0 Vulnerability

From: labs () USSRBACK COM (Ussr Labs)
Date: Wed, 24 Nov 1999 22:19:38 -0300


Remote DoS Attack in WorldClient Server v2.0.0.0 Vulnerability

PROBLEM:
UssrLabs found a buffer overflow in WorldClient Server v2.0.0.0 where they
do not use proper bounds checking.
The following all result in a Denial of Service against the service in
question.

affected services:

WorldClient: Port 2000

This two remotes services are affected to overflow of you send a large url
name.

Like: http:/serverip/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

For the Binary / Source for this WorldClient Server v2.0.0.0 Denial of
Service:

Go To: http://www.ussrback.com/mdeam285/

Vendor Status:
Contacted.

Vendor   Url: http://www.mdaemon.com

Credit: USSRLABS

SOLUTION
    Nothing yet.

u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
http://www.ussrback.com

Current thread:

Re: Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability, (continued)
- - - Re: Remote D.o.S Attack in G6 FTP Server v2.0 (beta 4/5) Vulnerability Marc (Nov 17)
    - SuSE Security Announcement - syslogd (a1) Thomas Biege (Nov 18)
    - local users can panic linux kernel (was: SuSE syslogd advisory) Mixter (Nov 18)
    - Re: local users can panic linux kernel (was: SuSE syslogd advisory) Alan Cox (Nov 19)
    - Re: local users can panic linux kernel (was: SuSE syslogd advisory) Savochkin Andrey Vladimirovich (Nov 20)
    - ANN: Bruce v1.0 Early Access 1 - Available for downloa Alec Muffett (Nov 22)
    - Re: local users can panic linux kernel (was: SuSE syslogd Alan Cox (Nov 22)
    - Re: local users can panic linux kernel (was: SuSE syslogd Savochkin Andrey Vladimirovich (Nov 23)
    - Re: local users can panic linux kernel (was: SuSE syslogd Darren Reed (Nov 23)
    - Re: local users can panic linux kernel (was: SuSE syslogd Savochkin Andrey Vladimirovich (Nov 24)
    - Remote DoS Attack in WorldClient Server v2.0.0.0 Vulnerability Ussr Labs (Nov 24)
    - Remote DoS Attack in BisonWare FTP Server V3.5 Vulnerability Ussr Labs (Nov 24)
    - Re: local users can panic linux kernel (was: SuSE syslogd Darren Reed (Nov 24)
    - [w00giving '99 #5 and w00news]: UnixWare 7's su Matt Conover (Nov 25)
    - Buffer Overflow Survey Paper Crispin Cowan (Nov 22)
    - Operational Issues: Applications & Appliances (was: Buffer Overflow Survey Paper) Crispin Cowan (Nov 23)
    - [ COBALT ] Security Advisory - Sendmail Jeff Bilicki (Nov 24)
    - Re: Operational Issues: Applications & Appliances (was: Buffer Overflow Survey Paper) Scott Zimmerman (Nov 24)
    - Re: Operational Issues: Applications & Appliances (was: Buffer Overflow Survey Paper) Simple Nomad (Nov 24)
    - Netscape communicator 4.x Javascript security flaw Ahmed Ghandour (Nov 24)
    - Re: Netscape communicator 4.x Javascript security flaw Metal Hurlant (Nov 26)

(Thread continues...)