From: blue_eyeguy4u at hushmail.com (Blue eyeguy4u)
Subject: Wap-Serv Enterprise Has serious problems

SECURITY ADVISORY

IMPACT: DoS
SEVERITY: High
VENDOR: http://www.Wap-Serv.com
CONTACT: enquiries@...-serv.com , +44 (0)1628 634240
PRODUCT: http://www.wap-serv.com/product.htm
         WapServ Lite, WapServ Pro, WapServ Enterprise
DISTRIBUTION: ALREADY NOTIFIED PUBLIC DOMAIN AND VENDOR SIMULTANEOUSLY


HOW TO REPRODUCE:

   To Crash Wap Serv
     1) Start WapServ wap gateway on platform
     2) Send the following data over the specific listening ports
       a) 0x00 (or any single byte value) to port 9200 (Connection-less non WTLS)
      or
       b) 0x89, 0x77, 0x13, 0x86, 0x3d to port 9201 (Connection-orientated non WTLS)
	   
   To Cause Out Of Memory
     1) Start WapServ wap gateway on platform
     2) Send the following over the specified listening ports
       a) 0xa6, 0x09, 0x5d to port 9201 (Connection-orientated non WTLS)

   To prevent WapServ from starting
     1) Send relevant bytes to well known wap ports
     2) Start WapServ wap gateway, it will fail to start.

END SECURITY ADVISORY
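
Added example, not part of the original advisory or the vendor's code: a detection sketch that flags datagrams matching the trigger payloads listed above in a capture log. It assumes the gateway ports are UDP; the log line format, labels and sample records are constructed for illustration.

```python
from collections import defaultdict

# (port, exact payload) pairs taken from the advisory's reproduction steps.
EXACT = {
    (9201, bytes.fromhex("897713863d")): "crash-9201",
    (9201, bytes.fromhex("a6095d")): "oom-9201",
}

def classify(port, payload):
    """Return a label if the datagram matches an advisory trigger, else None."""
    if port == 9200 and len(payload) == 1:
        return "crash-9200-single-byte"  # "0x00 (or any single byte value)"
    return EXACT.get((port, payload))

def parse_line(line):
    """Parse 'time src_ip dst_port hex_payload'; None for malformed lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, src, port, hexdata = parts
    try:
        return ts, src, int(port), bytes.fromhex(hexdata)
    except ValueError:
        return None

def scan(lines):
    """Map source address -> [(time, label), ...] for matching datagrams."""
    alerts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, port, payload = rec
        label = classify(port, payload)
        if label:
            alerts[src].append((ts, label))
    return dict(alerts)

# Constructed sample records (documentation address ranges, hypothetical format).
SAMPLE = [
    "10:00:01 192.0.2.10 9200 00",
    "10:00:02 192.0.2.10 9201 897713863d",
    "10:00:03 198.51.100.7 9201 a6095d",
    "10:00:04 198.51.100.7 9200 0106",  # two bytes: not a listed trigger
    "10:00:05 203.0.113.5 9201 zz",     # malformed hex: skipped
    "10:00:06 203.0.113.5 80 00",       # unrelated port: ignored
]

if __name__ == "__main__":
    for src, hits in scan(SAMPLE).items():
        print(src, hits)
```

Matches are exact for port 9201 because the advisory lists only those byte sequences; the single-byte rule for port 9200 follows its "any single byte value" wording.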


