VIGILANTE-2000013: WinCOM LPD DoS

[Peter Gründl <prg () vigilante com>]

WinCOM LPD DoS

Advisory Code:   VIGILANTE-2000013

Release Date:
September 19, 2000

Systems Affected:
- WinCOM LPD V1.00.90 for Windows NT

THE PROBLEM
A continuos stream of LPD options, sent to the LPD port (default TCP
port 515) on the host running WinCOM, will eventually consume all the
memory on that host.

Vendor Status:
The vendor was contacted on the 8th of September and the vulnerability
was verified by them on the 19th of September.

Fix:
There is currently no known release date for a fix. Vendor replied:

"I do not have any release date to offer you.
It will be fixed in a future release.
Thank you for bringing this to our attention."

Vendor   URL: http://www.ipswitch.com
Product  URL: http://www.ipswitch.com/cgi/download_eval.pl
Copyright VIGILANTe 2000-09-12

Disclaimer:
The information within this document may change without notice. Use of
this information constitutes acceptance for use in an AS IS
condition. There are NO warranties with regard to this information.
In no event shall the author be liable for any consequences whatsoever
arising out of or in connection with the use or spread of this
information. Any use of this information lays within the user's
responsibility.

Feedback:
Please send suggestions, updates, and comments to:

VIGILANTe
mailto: isis () vigilante com
http://www.vigilante.com