Full Disclosure mailing list archives
Wap-Serv Enterprise Has serious problems
From: "Blue eyeguy4u" <blue_eyeguy4u () hushmail com>
Date: Fri, 22 Aug 2003 14:17:05 +0200
SECURITY ADVISORY IMPACT: DoS SEVERITY: High VENDOR: http://www.Wap-Serv.com CONTACT: enquiries () wap-serv com , +44 (0)1628 634240 PRODUCT: http://www.wap-serv.com/product.htm WapServ Lite, WapServ Pro, WapServ Enterprise DISTRIBUTION: ALREADY NOTIFIED PUBLIC DOMAIN AND VENDOR SIMULTANEOUSLY HOW TO REPRODUCE: To Crash Wap Serv 1) Start WapServ wap gateway on platform 2) Send the following data over the specific listening ports a) 0x00 (or any single byte value) to port 9200 (Connection-less non WTLS) or b) 0x89, 0x77, 0x13, 0x86, 0x3d to port 9201 (Connection-orientated non WTLS) To Cause Out Of Memory 1) Start WapServ wap gateway on platform 2) Send the following over the specified listening ports a) 0xa6, 0x09, 0x5d to port 9201 (Connection-orientated non WTLS) To prevent WapServ from starting 1) Send relevant bytes to well known wap ports 2) Start WapServ wap gateway, it will fail to start. END SECURITY ADVISORY _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Wap-Serv Enterprise Has serious problems Blue eyeguy4u (Aug 22)