lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040326222737.6186.qmail@www.securityfocus.com>
Date: 26 Mar 2004 22:27:37 -0000
From: laurent oudot <oudot@...ack.org>
To: bugtraq@...urityfocus.com
Subject: Nstxd vulnerability





---------------------------------------------------------------------- 
            Rstack Team (Rstack.org) --- Security Advisory 


Advisory Number: RSTACK-20040325 
Subject: Nstxd remote DoS-Bug (NULL-pointer-dereference)
Author: Laurent Oudot <oudot@...ack.org> 
Discovered: ...
Published: March 25, 2004
---------------------------------------------------------------------- 


Problem description 
=================== 


Nstxd is the server from the Nstx project. Nstx can be used to create 
IP trafic over DNS (can be used by blackhats for special Wifi networks 
with DNS open for everybody).
 
Unexpected input may crash the server called nstxd which will at least 
result in a DOS due to a NULL-pointer-dereference. 
The service nstxd runs as root to bind the UDP port 53.



Vulnerable versions 
=================== 


Tests were done with the latest version : nstx-1.1-beta3
http://debmail.dereference.de/nstx/nstx-1.1-beta3.tgz 


Vendor status 
============= 


The Nstx team quickly solved this bug.
A new release is available : nstx-1.1-beta4.

From the ChangeLog :
    1.1-beta4: sky
    2004/03/26
    * Fixed a remote DoS-Bug (NULL-pointer-dereference)



Solutions 
========= 


* Upgrade your Nstx version at :
  http://debmail.dereference.de/nstx/nstx-1.1-beta4.tgz

* Workaround: Containment (chroot, jail...) and low level security 
  solutions (grsecurity, systrace...) should be use to improve 
  the security of such a server.



Example 
======= 

** On the server (assume the IP is 192.168.1.34 for this example):
nstx-1.1-beta3# ./nstxd tun.mydomain.com

** On a remote "evil" client:
remote-hacker$ perl -e '{ print "A" x 500 }' | nc -u 192.168.1.34 53

This will segfault the server.
It might be dangerous as nstxd needs root priviledges (bind port 53).
No exploit to get a remote shell has been reported (just a DOS).


---------------------------------------------------------------------- 
Copyright (c) Rstack Team
This document is copyrighted. It can't be edited nor republished 
without explicit consent of Rstack Team. 
For more informations, feel free to contact us. 
http://www.rstack.org/ 
---------------------------------------------------------------------- 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ