Denicomp Systems RSHD Remote Shell Server for Windows Can Be Crashed By Remote Users
SecurityTracker Alert ID: 1001516
SecurityTracker URL: http://securitytracker.com/id/1001516
CVE Reference: GENERIC-MAP-NOMATCH
Date: May 11 2001
Impact: Denial of service via network
Exploit Included: Yes
Version(s): v2.18.03 for Windows 95/98/Me; v2.18.00 for Windows NT/2000 (Intel); v2.17.07 for Windows NT/2000 (DEC Alpha); possibly earlier versions
Description:
SNS Research discovered a vulnerability in Denicomp Systems' RSHD remote shell server for Windows operating systems. The vulnerability allows remote users to cause the service to crash.
The vulnerability reportedly exists in the port-handling code. If a remote user sends a string of approximately 4300 bytes to the listening port of the RSH server (which defaults to the standard port 514), the RSH service will crash. A restart of the service is required to regain full functionality.
The vendor has reportedly been notified.
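An added illustration of the boundary check this class of bug calls for (not code from Denicomp or from the advisory): in the BSD rsh and rexec protocols, the first field a client sends is an ASCII decimal port for the stderr channel, terminated by a NUL byte. The alert does not say which buffer is overrun; the example assumes that field, and `parse_stderr_port`, `PORT_FIELD_MAX` and the sample inputs are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>

#define PORT_FIELD_MAX 6 /* "65535" plus the terminating NUL */

enum port_status {
    PORT_OK = 0, PORT_NEED_MORE = -1, PORT_TOO_LONG = -2,
    PORT_NOT_NUMERIC = -3, PORT_OUT_OF_RANGE = -4
};

/* Parse the first rsh/rexec field (ASCII decimal port, NUL-terminated)
 * from the bytes received so far. Hypothetical helper: at most
 * PORT_FIELD_MAX bytes are examined and nothing is copied, so the peer
 * cannot control a write length. */
enum port_status parse_stderr_port(const unsigned char *buf, size_t len,
                                   unsigned *port_out)
{
    size_t scan = len < PORT_FIELD_MAX ? len : PORT_FIELD_MAX;
    const unsigned char *nul = memchr(buf, '\0', scan);
    unsigned long value = 0;

    if (nul == NULL) /* no terminator yet: wait, or give up at the cap */
        return len >= PORT_FIELD_MAX ? PORT_TOO_LONG : PORT_NEED_MORE;

    for (const unsigned char *p = buf; p < nul; p++) {
        if (*p < '0' || *p > '9')
            return PORT_NOT_NUMERIC;
        value = value * 10 + (unsigned long)(*p - '0');
    }
    if (value > 65535)
        return PORT_OUT_OF_RANGE;
    *port_out = (unsigned)value; /* 0: no stderr channel requested */
    return PORT_OK;
}

int main(void)
{
    static unsigned char oversized[4300];        /* constructed input */
    const unsigned char valid[] = "1022\0alice"; /* constructed input */
    unsigned port = 0;
    int rc;

    memset(oversized, 'A', sizeof oversized);
    rc = parse_stderr_port(oversized, sizeof oversized, &port);
    printf("4300-byte field: status %d (close the connection)\n", rc);
    rc = parse_stderr_port(valid, sizeof valid, &port);
    printf("valid field: status %d, port %u\n", rc, port);
    return 0;
}
```

A server using a check like this drops the connection on any status other than `PORT_OK` or `PORT_NEED_MORE`, so an oversized first field is rejected after six bytes.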
Impact: A remote user can cause the RSH service to crash.
Solution: The vendor is reportedly working on a fix that will be released shortly.
Vendor URL: www.denicomp.com/
Cause: Boundary error
Underlying OS: Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)
Message History: None.
Source Message Contents
Date: Thu, 3 May 2001 21:27:42 +0200
Subject: Denicomp REXECD/RSHD Denial of Service Vulnerability
Strumpf Noir Society Advisories
! Public release !
<--#

-= Denicomp REXECD/RSHD Denial of Service Vulnerability =-

Release date: Thursday, May 3, 2001

Introduction:

Denicomp's REXECD and RSHD products are ports of their counterparts
on Unix-based systems, allowing the use of the rcp, rsh and rexec
commands on machines running MS Windows.

These products can be obtained through the vendor's website at:
http://www.denicomp.com

Problem:

There exists a problem in the port-handling code of mentioned
products which exposes the services provided by these to a DoS attack.

When a string of +/- 4300 bytes is sent to the listening port of
the REXEC and/or RSH daemons (defaulting to the standard 512 and
514 ports), the service in question will die.

A restart will be needed to regain full functionality.

(..)

Solution:

Vendor has been notified and has verified this problem. New versions
of these products will be released from the vendor's website shortly.

Vulnerable:

WINNT/WIN2K:
Denicomp Winsock RSHD/NT v2.18.00 (Intel)
Denicomp Winsock RSHD/NT v2.17.07 (DEC Alpha)
Denicomp Winsock REXECD/NT v1.05.00 (Intel)
Denicomp Winsock REXECD/NT v1.04.08 (DEC Alpha)

Win95/98/ME:
Denicomp Winsock RSHD/95 v2.18.03
Denicomp Winsock REXECD/95 v1.00.02

Earlier versions are expected to be vulnerable as well, users are
encouraged to upgrade.

yadayadayada

Free sk8! (http://www.freesk8.org)

SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)
compliant, all information is provided on AS IS basis.

EOF, but Strumpf Noir Society will return!