Full Disclosure mailing list archives
Vulnerability Note VU#12345
From: "Security Group" <secgro () gmail com>
Date: Thu, 8 May 2008 08:22:54 +0200
Vulnerability Note VU#12345 Full Disclosure DoS vulnerability Overview A vulnerability in the way the mailinglist 'Full disclosure' handles 'n3td3v' packets could result in a remotely exploitable denial of service. I. Description 'Full disclosure' does not properly handle trolling packets, which can render the service useless. Upon receiving a trolling message the system response with a huge number of disapproval-messages. The magnitude of these disapproval-messages will cause a client to stop listening to the service. II. Impact An attacker can render 'Full disclosure' useless. III. Solution Clients of 'Full disclosure' should drop trolling messages of 'n3td3v' or others instead of sending a response of disapproval. Vendor Status Date Updated Full-discluse Vulnerable 28-Apr-2008 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Vulnerability Note VU#12345 Security Group (May 07)
- Re: Vulnerability Note VU#12345 Dr. J Swift (May 08)