Denicomp Systems RSHD Remote Shell Server for Windows Can Be Crashed By Remote Users
SecurityTracker Alert ID: 1001516|
SecurityTracker URL: http://securitytracker.com/id/1001516
(Links to External Site)
Date: May 11 2001
Denial of service via network|
Exploit Included: Yes |
Version(s): v2.18.03 for Windows 95/98/Me; v2.18.00 for Windows NT/2000 (Intel); v2.17.07 for Windows NT/2000 (DEC Alpha); possibly earlier versions|
SNS Research discovered a vulnerability in Denicomp System's RSHD remote shell server for Windows operating systems. The vulnerability allows remote users to cause the service to crash.|
The vulnerability reportedly exists in the port-handling code. If a remote user sends a string of approximately 4300 bytes to the listening port of the RSH server (which defaults to the standard port 514), the RSH service will crash. A restart of the service is required to regain full functionality.
The vendor has reportedly been notified.
A remote user can cause the RSH service to crash.|
The vendor is reportedly working on a fix that will be released shortly.|
Vendor URL: www.denicomp.com/ (Links to External Site)
Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)|
Source Message Contents
Date: Thu, 3 May 2001 21:27:42 +0200|
Subject: Denicomp REXECD/RSHD Denial of Service Vulnerability
Strumpf Noir Society Advisories
! Public release !
-= Denicomp REXECD/RSHD Denial of Service Vulnerability =-
Release date: Thursday, May 3, 2001
Denicomp's REXECD and RSHD products are ports of their counterparts
on Unix-based systems, allowing the use of the rcp, rsh and rexec
commands on machines running MS Windows.
These products can be obtained through the vendors website at:
There exists a problem in the port-handling code of mentioned
products which exposes the services provided by these to a DoS attack.
When a string of +/- 4300 bytes is sent to the listening port of
the REXEC and/or RSH daemons (defaulting to the standard 512 and
514 ports), the service in question will die.
A restart will be needed to regain full functionality.
Vendor has been notified and has verified this problem. New versions
of these products will be released from the vendor's website shortly.
Denicomp Winsock RSHD/NT v2.18.00 (Intel)
Denicomp Winsock RSHD/NT v2.17.07 (DEC Alpha)
Denicomp Winsock REXECD/NT v1.05.00 (Intel)
Denicomp Winsock REXECD/NT v1.04.08 (DEC Alpha)
Denicomp Winsock RSHD/95 v2.18.03
Denicomp Winsock REXECD/95 v1.00.02
Earlier versions are expected to be vulnerable as well, users are
encouraged to upgrade.
Free sk8! (http://www.freesk8.org)
SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)
compliant, all information is provided on AS IS basis.
EOF, but Strumpf Noir Society will return!