XFree86-xfs-4.0.1-1 DoS

From: Jarosław Zachwieja (grokat_private)
Date: Wed Jun 06 2001 - 07:31:49 PDT


    Hello,
    
    xfs from the package XFree86-xfs-4.0.1-1 (i386.rpm), RedHat 7.0 seems to 
    suffer from a Denial of Service attack.
    To cause xfs to stop responding to requests, try to do the following:
    
    $ telnet victim xfs </dev/urandom
    
    Repeat about 100 (or 1000) times and you get a Connection refused message.
    
    Regular Xservers can no longer connect, usually crash stating Could not open 
    default font 'fixed' and probably get disabled for 5 minutes if run from 
    inittab.
    
    I'd appreciate any successful/unsuccessful attempts at reproducing this 
    behaviour.
    
    Regards,
    --
    Valentine M. Smith
    


