Re: NT/Exceed D.O.S.

From: David Poythress (david.poythressat_private)
Date: Sat May 01 1999 - 17:26:34 PDT


    This seems to have been fixed at some point; connecting and/or spewing
    random data to exceedhost 6000-6010 has no discernible effect on exceed
    6.1.0 under win98 or NTsp4.
    
    A denial of service is still possible though: Exceed defaults to allowing
    128 connections from the xdm host, but counts a telnet connection as though
    it were a connection from a valid X client.  Once the max number of
    connections is reached, subsequent attempts to the X port range are refused.
    
    --
         David Poythress				   dpat_private
    
              "Grammar, which controls even kings ..." --Moliere
    
    
    		-----Original Message-----
    		From:	LaFournaise, Chris J. [mailto:cjlafournaiseat_private]
    		Sent:	Tuesday, April 27, 1999 15:29
    		To:	BUGTRAQat_private
    		Subject:	NT/Exceed D.O.S.
    
    		This is regarding Hummingbird's Exceed X emulator v5 (and possibly v6)
    		running on Windows NT.  I haven't tested Win95/98.
    
    		The Exceed X server allows inbound TCP connections on port 6000 from the XDM
    		host.  If someone uses telnet from the XDM host to connect to a PC running
    		Exceed on port 6000 and enters any garbage text, the X server will hang and
    		the Exceed session is frozen for good.
    
    		I have notified Hummingbird via their tech support web site but have not
    		received a response yet.
    
    		Chris LaFournaise
    		cjlafournaiseat_private
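
Added example, not part of either post and not Hummingbird code: a monitoring check for the slot exhaustion David describes, counting established TCP connections to the X port range (6000-6010) against the 128-connection default. The `netstat -an` style input, the 192.0.2.x addresses and the 80% alert threshold are constructed assumptions.

```python
import re
from collections import Counter

X_PORTS = range(6000, 6011)   # X port range named in the post
MAX_CONNECTIONS = 128         # Exceed default stated in the post
WARN_RATIO = 0.8              # assumption: alert at 80% of the limit

# One TCP row of `netstat -an` style output: proto, local, foreign, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def x_connections(netstat_text):
    """Count ESTABLISHED connections to local X ports, keyed by remote host.

    Every TCP connection is counted, X client or not, because the post
    reports that the server counts a plain telnet connection the same way.
    """
    per_peer = Counter()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue          # header, UDP row or anything unparseable
        _laddr, lport, raddr, _rport, state = m.groups()
        if state == "ESTABLISHED" and int(lport) in X_PORTS:
            per_peer[raddr] += 1
    return per_peer

def slot_report(netstat_text, limit=MAX_CONNECTIONS, warn_ratio=WARN_RATIO):
    """Summarise slot usage and name the peer holding the most slots."""
    per_peer = x_connections(netstat_text)
    used = sum(per_peer.values())
    return {"used": used,
            "free": max(limit - used, 0),
            "alert": used >= limit * warn_ratio,
            "top_peer": per_peer.most_common(1)[0] if per_peer else None}

def constructed_sample(held=110):
    """Constructed input: one host holding `held` connections to port 6000."""
    rows = ["  Proto  Local Address      Foreign Address    State",
            "  TCP    0.0.0.0:6000       0.0.0.0:0          LISTENING",
            "  TCP    192.0.2.10:139     192.0.2.7:1029     ESTABLISHED",
            "  TCP    192.0.2.10:6000    192.0.2.9:1040     ESTABLISHED",
            "  TCP    192.0.2.10:6000    192.0.2.5:1031     TIME_WAIT"]
    rows += [f"  TCP    192.0.2.10:6000    192.0.2.5:{2000 + i}     ESTABLISHED"
             for i in range(held)]
    return "\n".join(rows)

if __name__ == "__main__":
    print(slot_report(constructed_sample()))
```

A single peer holding most of the slots is the pattern to look at first, since legitimate X clients and idle connections are indistinguishable in this count.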
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:44:43 PDT