OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: neme-dhcHUSHMAIL.COM
Date: Mon May 07 2001 - 19:33:18 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

     [ Advisory for Electrocomm ]
     [ Electrocomm is made by Electrosoft ]
     [ Site: http://www.esei.com ]
     [ by nemesystm of the DHC ]
     [ (http://dhcorp.cjb.net - neme-dhchushmail.com) ]
     [ ADV-0118 ]

    /-|=[explanation]=|-\
    ElectroComm allows you to connect to a comm port on
    a computer over a network using any Telnet client.
    The program can fall victim to a denial of service.

    /-|=[who is vulnerable]=|-\
    Electrocomm 2.0 has been tested to be vulnerable.
    Prior versions are assumed to be vulnerable as well.

    /-|=[testing it]=|-\
    Sending two bursts of characters with a length of
    about 160000 each to port 23 will peg CPU to 100%
    and then crash with:
    Run-time error '381':
    Invalid array index.

    I have made a perl script that exploits this. It is
    in the advisory that is available on the DHC site.
    http://www.emc2k.com/dhcorp/homebrew/electro.zip

    /-|=[fix]=|-\
    None known at the moment.
    Free, encrypted, secure Web-based email at www.hushmail.com