Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

NT: Five Buffer Overflows; One Denial of Service

From: mea culpa <jericho () DIMENSIONAL COM>
Date: Thu, 4 Nov 1999 10:22:42 -0700
From: WinSA Publisher <winsa () NTSECURITY NET>


November 2, 1999 - WINSA - At least five different programs were
recently reported to contain possible buffer overflow condition that
may allow arbitrary code to execute on the server. The programs
reported to be vulnerable are as follows:

  * Avirt Mail Server
  * CMail Server
  * ExpressFS FTPServer
  * Xitami Web Server
  * WFTPD Server

In addition, a new exploit was released that can cause NT's native
SERVICES.EXE process to crash, thereby crippling much functionality
in the wake of the crash.

For complete details on all six of these newly discovered security
risks, including sample code that demonstrates some of these issues
against certain software packages, please visit our Web site:

  * RFPoison (Services.exe DoS)
    http://www.ntsecurity.net/go/load.asp?iD=/security/services.htm
  * Avirt Mail Server
    http://www.ntsecurity.net/go/load.asp?iD=/security/avirt1.htm
  * CMail Server
    http://www.ntsecurity.net/go/load.asp?iD=/security/cmail1.htm
  * ExpressFS FTPServer
    http://www.ntsecurity.net/go/load.asp?iD=/security/expressfs1.htm
  * Xitami Web Server
    http://www.ntsecurity.net/go/load.asp?iD=/security/xitami1.htm
  * WFTPD Server
    http://www.ntsecurity.net/go/load.asp?iD=/security/wftpd1.htm

Thanks for subscribing to WinSA.
Please tell your friends about this mailing list!

Sincerely,
The WinSA Team

ISN is sponsored by Security-Focus.COM
Previous By Date Next
Previous By Thread Next

Current thread: