[ Advisory for Electrocomm ] [ Electrocomm is made by Electrosoft ] [ Site: http://www.esei.com ] [ by nemesystm of the DHC ] [ (http://dhcorp.cjb.net - neme-dhcat_private) ] [ ADV-0118 ] /-|=[explanation]=|-\ ElectroComm allows you to connect to a comm port on a computer over a network using any Telnet client. The program can fall victim to a denial of service. /-|=[who is vulnerable]=|-\ Electrocomm 2.0 has been tested to be vulnerable. Prior versions are assumed to be vulnerable as well. /-|=[testing it]=|-\ Sending two bursts of characters with a length of about 160000 each to port 23 will peg CPU to 100% and then crash with: Run-time error '381': Invalid array index. I have made a perl script that exploits this. It is in the advisory that is available on the DHC site. http://www.emc2k.com/dhcorp/homebrew/electro.zip /-|=[fix]=|-\ None known at the moment. Free, encrypted, secure Web-based email at www.hushmail.com
This archive was generated by hypermail 2b30 : Tue May 08 2001 - 08:42:02 PDT