[Full-Disclosure] eServ Memory Leak Solution

mattmurphy_at_kc.rr.com
Date: 05/13/03

    To: bugtraq@securityfocus.com, news@securiteam.com, bugs@securitytracker.com, vulnwatch@vulnwatch.org, full-disclosure@lists.netsys.com
    Date: Tue, 13 May 2003 12:38:00 -0400
    

    After discussion with Andrey Cherezov, the cause and solution of the eServ
    memory "leak" has been identified. Delayed de-allocation associated with
    thread creation and destruction caused the issue. eServ 2.9x was
    vulnerable to my attacks because during the delay (up to a few minutes), it
    continued spawning threads, resulting in a denial of service. eServ 3.0
    uses a new acTCP kernel to improve service. Specifically, it does not
    create new threads beyond its maximum connection queue. The delay
    condition still exists, but cannot be exploited to cause major memory loss.
    I recommend that eServ 2.9x users contact the vendor about upgrading as
    appropriate.

    eServ has had one other vulnerability, a buffer overrun in its virtual host
    support. Stating that eServ has a "horrible security record" was perhaps a
    horrible overstatement on my part. :-)

    There have been other vulnerabilities in products unrelated to eServ,
    which were developed on the same kernel. Specifically, acFTP's
    authentication logging bug, and the acFreeProxy XSS, which I have been
    informed was the result of a configuration error.

    I was also informed during discussions with the developer that the reason
    my e-mail was not replied to immediately was because of Russia's day of
    victory celebrations, and not due to negligence.

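The mitigation described in the message (no new threads beyond a maximum), as an added example that is not part of the original post and is not eServ code: a tick-by-tick model of a thread-per-connection server whose thread memory is released only after a delay. The names `simulate`, `reclaim_delay` and `max_threads`, the constructed load, and the choice to count threads still awaiting reclamation against the cap are assumptions.

```python
from collections import deque


def simulate(arrivals, reclaim_delay, max_threads=None):
    """Model delayed de-allocation in a thread-per-connection server.

    arrivals      -- connections arriving at each tick (constructed input)
    reclaim_delay -- ticks between a thread exiting and its memory being freed
    max_threads   -- cap on threads whose memory is still reserved
                     (assumption: includes exited threads awaiting reclaim);
                     None models the uncapped behaviour
    Returns (peak_reserved_threads, refused_connections).
    """
    pending = deque()  # (tick_at_which_memory_is_freed, thread_count)
    reserved = peak = refused = 0
    for tick, n in enumerate(arrivals):
        # Free memory of exited threads whose delay has elapsed.
        while pending and pending[0][0] <= tick:
            reserved -= pending.popleft()[1]
        # Admission control: the cap bounds reserved memory, not just live work.
        if max_threads is None:
            admitted = n
        else:
            admitted = min(n, max(0, max_threads - reserved))
        refused += n - admitted
        reserved += admitted
        peak = max(peak, reserved)
        # Each connection is short-lived: the thread exits within this tick,
        # but its memory stays reserved for reclaim_delay further ticks.
        if admitted:
            pending.append((tick + 1 + reclaim_delay, admitted))
    return peak, refused


if __name__ == "__main__":
    load = [10] * 20  # constructed: 10 short connections per tick for 20 ticks
    for cap in (None, 25):
        peak, refused = simulate(load, reclaim_delay=5, max_threads=cap)
        print(f"cap={cap}: peak reserved threads={peak}, refused={refused}")
```

Without the cap, peak reserved memory scales with arrival rate times the reclaim delay; with it, the peak is fixed and excess load shows up as refused connections instead.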

