Advisory for Electrocomm 2.0

[neme-dhc () HUSHMAIL COM]

 [ Advisory for Electrocomm                        ]
 [ Electrocomm is made by Electrosoft              ]
 [ Site: http://www.esei.com                       ]
 [ by nemesystm of the DHC                         ]
 [ (http://dhcorp.cjb.net - neme-dhc () hushmail com) ]
 [ ADV-0118                                        ]

/-|=[explanation]=|-\
ElectroComm allows you to connect to a comm port on
a computer over a network using any Telnet client.
The program can fall victim to a denial of service.

/-|=[who is vulnerable]=|-\
Electrocomm 2.0 has been tested to be vulnerable.
Prior versions are assumed to be vulnerable as well.

/-|=[testing it]=|-\
Sending two bursts of characters with a length of
about 160000 each to port 23 will peg CPU to 100%
and then crash with:
Run-time error '381':
Invalid array index.

I have made a perl script that exploits this. It is
in the advisory that is available on the DHC site.
http://www.emc2k.com/dhcorp/homebrew/electro.zip

/-|=[fix]=|-\
None known at the moment.
Free, encrypted, secure Web-based email at www.hushmail.com