|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: neme-dhc
HUSHMAIL.COMDate: Mon May 07 2001 - 19:33:18 CDT
[ Advisory for Electrocomm ]
[ Electrocomm is made by Electrosoft ]
[ Site: http://www.esei.com ]
[ by nemesystm of the DHC ]
[ (http://dhcorp.cjb.net - neme-dhchushmail.com) ]
[ ADV-0118 ]
/-|=[explanation]=|-\
ElectroComm allows you to connect to a comm port on
a computer over a network using any Telnet client.
The program can fall victim to a denial of service.
/-|=[who is vulnerable]=|-\
Electrocomm 2.0 has been tested to be vulnerable.
Prior versions are assumed to be vulnerable as well.
/-|=[testing it]=|-\
Sending two bursts of characters with a length of
about 160000 each to port 23 will peg CPU to 100%
and then crash with:
Run-time error '381':
Invalid array index.
I have made a perl script that exploits this. It is
in the advisory that is available on the DHC site.
http://www.emc2k.com/dhcorp/homebrew/electro.zip
/-|=[fix]=|-\
None known at the moment.
Free, encrypted, secure Web-based email at www.hushmail.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]