Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

CacheFlow external listerner 137/udp

From: Abdulkareem Kusai <kusaiak () altavista com>
Date: 23 May 2001 04:40:25 -0700
An nmap scan of the outside of our new CachFlow OS 3.1.16 systems reveals a process listening on port 137/udp. 
According to the vendor it "is open as a workaround for older versions of IE that would not run Java applets until name 
resolution for the server has occurred or timed out. CacheOS does not use or support netbios.  The response sent to 
queries on this port are static "canned" responses and is only sent to improve the responsiveness of IE browsers using 
the Web Console."

CacheFlow OS runs on the very well known x86 CPU instruction set which can be dug into by anyone with the time to do 
so. Buffer overflow or other vulnerabilities could exist. How to test? Using x86 assembler instructions to perform 
intrusions? 

A UDP port 137 listener on the outside interface is a concern. We ask the vendor for instructions how to turn it off. 
(No response yet.) We don’t administer the boxes from the outside.

Comments?


Find the best deals on the web at AltaVista Shopping!
http://www.shopping.altavista.com
Previous By Date Next
Previous By Thread Next

Current thread: