Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
From: Peter Gründl (pgrundlkpmg.dk)
Date: Mon Jul 01 2002 - 04:03:31 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]


    Title: Sitespring Server Denial of Service

    BUG-ID: 2002028
    Released: 01st Jul 2002

    A malicious user with access to the Sitespring database engine port
    can crash both the runtime database engine and the Sitespring web

    - Sitespring 1.2.0(277.1) using Sybase runtime engine v7.0.2.1480

    If the sybase database engine receives 1077 x chr(2) + \r\n\r\n it
    crashes. The web service will crash shortly after the database
    engine stops.

    Vendor URL:
    You can visit the vendor webpage here: http://www.macromedia.com

    Vendor Response:
    This was reported to the vendor on the 16th of April, 2002. There
    is currently no scheduled patch for this vulnerability. Vendor
    support for Sitespring is planned to end May, 2004.

    Corrective action:
    Apply IP filtering to the Sitespring server, so only the local host
    is allowed to connect to TCP port 2500.

    On Win2000 or WinXP this can be done using the built-in IP filter

    Author: Peter Gründl (pgrundlkpmg.dk)

    KPMG is not responsible for the misuse of the information we provide
    through our security advisories. These advisories are a service to
    the professional security community. In no event shall KPMG be lia-
    ble for any consequences whatsoever arising out of or in connection
    with the use or spread of this information.