[ Advisory for VdnsServer ] [ VdnsServer is sold by ZFC and Hughestech ] [ Site: http://www.zfc.com | www.hughesnet.net ] [ by nemesystm of the DHC ] [ (http://dhcorp.cjb.net - neme-dhcat_private) ] [ ADV-0121 ] /-|=[explanation]=|-\ Virtual DNS (Vdns) allows users with DSL & ADSL type connections to run their own web server with their own domain name. It suffers from a denial of service. /-|=[who is vulnerable]=|-\ VdnsServer 1.0 has been tested and was vulnerable. /-|=[testing it]=|-\ By opening up a connection to 6070, sending it some info and then cutting of the connection, Vdns goes into a state of "Default.Closed" and will not allow any other connections. I have made a perl script that exploits this. It is in the advisory that is available on the DHC site. http://www.emc2k.com/dhcorp/homebrew/vdns.zip /-|=[fix]=|-\ Download VdnsServer 2.0 Free, encrypted, secure Web-based email at www.hushmail.com
This archive was generated by hypermail 2b30 : Tue May 08 2001 - 08:49:36 PDT