Bugtraq mailing list archives
S.A.F.E.R. Security Bulletin 980708.DOS.1.1
From: security () SIAMRELAY COM (Security Research Team)
Date: Thu, 16 Jul 1998 15:22:24 -0400
__________________________________________________________

      S.A.F.E.R. Security Bulletin 980708.DOS.1.1
__________________________________________________________

TITLE    : Vulnerability with CSM Proxy 4.1
DATE     : July 8, 1998
NATURE   : Denial-of-Service
PLATFORMS: Windows NT, Windows 95/98

DETAILS:

If a user sends 1030 characters or more to the FTP port (21), CSM Proxy
will crash, and raise CPU usage to 100%. Restart of the proxy (Win95) or
reboot (NT) is needed in order to recover system functionality.

CSM Proxy accepts the connection, even accepts username/password, and then
checks if the user is authorized (depending on source IP address) to access
the proxy server at all. This allows any user on the Internet/Intranet to
connect to port 21, send characters and crash the CSM Proxy server along
with Windows NT.

If CSM Proxy is located behind a firewall, only Intranet users are a threat.

FIXES:

CSM (http://www.csm-usa.com and http://www.csm.co.at) have been notified,
and it is expected that CSM will publish an updated version soon.

__________________________________________________________

   S.A.F.E.R. - Security Alert For Enterprise Resources
          Copyright (c) 1998 Siam Relay Ltd.
   http://siamrelay.com/safer --- security () siamrelay com
__________________________________________________________

________________________________________________________

    SiamAlert - Security Services for Asia-Pacific
          Copyright (c) 1998 Siam Relay Ltd.
   http://www.siamrelay.com --- security () siamrelay com
________________________________________________________
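The bulletin names two conditions: input of 1030 characters or more on the FTP control port, and a source-IP authorization check that runs only after the connection and credentials have been accepted. The following is an added example of handling both on the server side; it is not from the bulletin or from CSM's code. The 512-byte cap, the 10.0.0.0/8 ACL and every function and type name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_CMD_LINE 512   /* assumed cap, well under the 1030 bytes in the bulletin */

enum verdict { NEED_MORE, LINE_READY, DROP_UNAUTHORIZED, DROP_OVERLONG };

struct conn {
    int    authorized;               /* decided once, at accept time */
    size_t used;                     /* bytes currently held in line[] */
    char   line[MAX_CMD_LINE + 1];   /* +1 for the terminating NUL */
};

/* Hypothetical ACL (constructed values): only 10.0.0.0/8 may use the proxy. */
static const uint32_t ACL_NET = 0x0A000000u, ACL_MASK = 0xFF000000u;

/* Check the source address (host byte order) before reading any input. */
enum verdict conn_accept(struct conn *c, uint32_t peer_ip)
{
    memset(c, 0, sizeof *c);
    c->authorized = (peer_ip & ACL_MASK) == ACL_NET;
    return c->authorized ? NEED_MORE : DROP_UNAUTHORIZED;
}

/* Feed received bytes; *consumed reports how many were taken from data.
 * On either DROP_* verdict the caller closes the connection. */
enum verdict conn_feed(struct conn *c, const char *data, size_t n, size_t *consumed)
{
    *consumed = 0;
    if (!c->authorized)
        return DROP_UNAUTHORIZED;
    for (size_t i = 0; i < n; i++) {
        if (data[i] == '\n') {                       /* end of one command */
            if (c->used > 0 && c->line[c->used - 1] == '\r')
                c->used--;
            c->line[c->used] = '\0';
            c->used = 0;
            *consumed = i + 1;
            return LINE_READY;
        }
        if (c->used == MAX_CMD_LINE) {               /* cap reached, no newline */
            *consumed = i;
            return DROP_OVERLONG;
        }
        c->line[c->used++] = data[i];
    }
    *consumed = n;
    return NEED_MORE;
}
```

A caller would pass any bytes left after `*consumed` back into `conn_feed` to pick up the next command.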