SecurityTracker.com
Category:  Application (Generic)  >  WapServ
Vendors:  wap-serv.com
WapServ WAP Gateway Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1007555
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Aug 22 2003
Impact:  Denial of service via network
Exploit Included:  Yes  
Description:  A denial of service vulnerability was reported in WapServ. A remote user can crash the WAP gateway.

It is reported that a remote user can send certain byte values to the gateway to cause the gateway to crash. The following values can trigger the flaw:

- For connectionless non-WTLS communications on port 9200:

0x00 (or any single byte value)

- For connection-oriented non-WTLS communications on port 9201:

0x89, 0x77, 0x13, 0x86, 0x3d

It is also reported that a remote user can cause the gateway to run out of memory by sending the following values to port 9201:

0xa6, 0x09, 0x5d

The byte sequences listed above can reportedly also prevent the gateway from starting, if they are sent to the well-known WAP ports before the gateway is started.

The vulnerability affects WapServ Lite, WapServ Pro, and WapServ Enterprise, the report said.

The vendor has reportedly been notified.

Impact:  A remote user can cause the WAP gateway to crash.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.wap-serv.com/
Cause:  Exception handling error
Underlying OS:  Windows (NT), Windows (98), Windows (2000)
Reported By:  "Bug Zilla" <bugzilla@redhat.com>
Message History:   None.


 Source Message Contents

Date:  Fri, 22 Aug 2003 11:34:29 +0200
From:  "Bug Zilla" <bugzilla@redhat.com>
Subject:  [Full-Disclosure] SECURITY ADVISORY

 

SECURITY ADVISORY

IMPACT: DoS
SEVERITY: High
VENDOR: http://www.Wap-Serv.com
CONTACT: enquiries@wap-serv.com , +44 (0)1628 634240
PRODUCT: http://www.wap-serv.com/product.htm
         WapServ Lite, WapServ Pro, WapServ Enterprise
DISTRIBUTION: ALREADY NOTIFIED PUBLIC DOMAIN AND VENDOR SIMULTANEOUSLY


HOW TO REPRODUCE:

   To Crash Wap Serv
     1) Start WapServ wap gateway on platform
     2) Send the following data over the specific listening ports
       a) 0x00 (or any single byte value) to port 9200 (Connection-less non WTLS)
      or
       b) 0x89, 0x77, 0x13, 0x86, 0x3d to port 9201 (Connection-orientated non WTLS)
	   
   To Cause Out Of Memory
     1) Start WapServ wap gateway on platform
     2) Send the following over the specified listening ports
       a) 0xa6, 0x09, 0x5d to port 9201 (Connection-orientated non WTLS)

   To prevent WapServ from starting
     1) Send relevant bytes to well known wap ports
     2) Start WapServ wap gateway, it will fail to start.

END SECURITY ADVISORY


Copyright 2002, SecurityGlobal.net LLC