Denicomp REXECD/RSHD Denial of Service Vulnerability

[SNS Research <vuln-dev () GREYHACK COM>]

Strumpf Noir Society Advisories
! Public release !
<--#


-= Denicomp REXECD/RSHD Denial of Service Vulnerability =-

Release date: Thursday, May 3, 2001


Introduction:

Denicomp's REXECD and RSHD products are ports of their counterparts
on Unix-based systems, allowing the use of the rcp, rsh and rexec
commands on machines running MS Windows.

These products can be obtained through the vendors website at:
http://www.denicomp.com


Problem:

There exists a problem in the port-handling code of mentioned
products which exposes the services provided by these to a DoS attack.

When a string of +/- 4300 bytes is sent to the listening port of
the REXEC and/or RSH daemons (defaulting to the standard 512 and
514 ports), the service in question will die.

A restart will be needed to regain full functionality.


(..)


Solution:

Vendor has been notified and has verified this problem. New versions
of these products will be released from the vendor's website shortly.


Vulnerable:

WINNT/WIN2K:

Denicomp Winsock RSHD/NT v2.18.00 (Intel)
Denicomp Winsock RSHD/NT v2.17.07 (DEC Alpha)
Denicomp Winsock REXECD/NT v1.05.00 (Intel)
Denicomp Winsock REXECD/NT v1.04.08 (DEC Alpha)

Win95/98/ME:

Denicomp Winsock RSHD/95 v2.18.03
Denicomp Winsock REXECD/95 v1.00.02

Earlier versions are expected to be vulnerable as well, users are
encouraged to upgrade.


yadayadayada

Free sk8! (http://www.freesk8.org)

SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)
compliant, all information is provided on AS IS basis.

EOF, but Strumpf Noir Society will return!