Remote DoS Attack in WorldClient Server v2.0.0.0 Vulnerability

From: Ussr Labs (labsat_private)
Date: Wed Nov 24 1999 - 17:19:38 PST


    Remote DoS Attack in WorldClient Server v2.0.0.0 Vulnerability
    
    PROBLEM:
    UssrLabs found a buffer overflow in WorldClient Server v2.0.0.0 where they
    do not use proper bounds checking.
    The following all result in a Denial of Service against the service in
    question.
    
    affected services:
    
    WorldClient: Port 2000
    
    These two remote services are subject to an overflow if you send a large URL
    name.
    
    Like: http:/serverip/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    
    For the Binary / Source for this WorldClient Server v2.0.0.0 Denial of
    Service:
    
    Go To: http://www.ussrback.com/mdeam285/
    
    
    Vendor Status:
    Contacted.
    
    Vendor   Url: http://www.mdaemon.com
    
    Credit: USSRLABS
    
    SOLUTION
        Nothing yet.
    
    
    
    u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
    http://www.ussrback.com
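
The missing bounds check described in the advisory, shown from the defender's side as an added example (not code from the original post or from the vendor): a request-line parser that measures the URL before copying it and answers 414 instead of overflowing. The function name, the `MAX_URI` limit and the sample request are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_URI 255 /* assumed limit; the product's real buffer size is not on the page */

/* Copy the target of "METHOD SP target [SP HTTP/x.y]" (CRLF already stripped)
 * into out, which holds cap bytes. Returns 200 on success, 400 for a
 * malformed line, 414 when the target does not fit. out is always left
 * NUL-terminated and is never written past cap bytes. */
int parse_request_target(const char *line, size_t len, char *out, size_t cap)
{
    if (line == NULL || out == NULL || cap == 0)
        return 400;
    out[0] = '\0';

    const char *end = line + len;
    const char *sp1 = memchr(line, ' ', len);
    if (sp1 == NULL || sp1 == line)
        return 400;                     /* no method or no separator */

    const char *uri = sp1 + 1;
    const char *sp2 = memchr(uri, ' ', (size_t)(end - uri));
    if (sp2 == NULL)
        sp2 = end;                      /* no version token: target runs to end */

    size_t uri_len = (size_t)(sp2 - uri);
    if (uri_len == 0)
        return 400;
    if (uri_len > MAX_URI || uri_len >= cap)
        return 414;                     /* length checked BEFORE any copy */

    memcpy(out, uri, uri_len);
    out[uri_len] = '\0';
    return 200;
}

int main(void)
{
    /* Constructed sample input: a request whose URL is 4000 filler bytes. */
    char req[4100], uri[MAX_URI + 1];
    memcpy(req, "GET /", 5);
    memset(req + 5, 'a', 4000);
    memcpy(req + 4005, " HTTP/1.0", 10);
    printf("oversized URL -> %d\n",
           parse_request_target(req, strlen(req), uri, sizeof uri));
    return 0;
}
```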
    


