After a little searching around
Novell was apparently aware of this exploit, as it has been eliminated with the
Win95/98 v3.1 client (now at SP2 as of 10/03/1999). See Novell TID2948363 at
http://support.novell.com for details.
Have a good weekend!!
Michael J. Renner
Network/UNIX-PC Sy
On Wed, 6 Oct 1999, Neezam Haniff wrote:
NH> [nhaniff@dhcp-160-190 nhaniff]$ telnet localhost 25
NH> Trying 127.0.0.1...
NH> Connected to localhost.
NH> Escape character is '^]'.
NH> 220 dhcp-160-190.x.x ESMTP Sendmail 8.9.3/8.9.3; Wed, 6 Oct 1999 13:31:55 -0400
NH> helo x.x
NH> 250 dhcp-160-190.
First of all: The DoS WORKS. Tod Sambar himself tested it and found
his server vulnerable. But: You're right Steve!
> > print $remote "GET " . "X" x . " HTTP/1.0\n\n";
There are too many 9s. My Perl (v.5005_02 running on Linux 2.2.12) only
prints a "GETHTTP/1.0" as well. If y
That does not look like the MTA that comes with RH 6.0. That is smail not
sendmail. I tried this on my RH 6.0 install and it didn't work.
Notice the "220 fear62 Smail-3.2"
It's not sendmail.
-Original Message-
From: Bugtraq List [mailto:[EMAIL PROTECTED]]On Behalf Of Neezam
Haniff
Sent:
RedHat 6.1 comes bundled with a modified version of tcpdump, which has
the ability to listen on all the interfaces at once, which is nice.
However, the output format has changed. Whereas a typical tcpdump
line was :
time source.port > dest.port:[.]
It is now :
time interface > source.port
Quoting H D Moore ([EMAIL PROTECTED]) from Wed, Oct 06, 1999 at 12:50:28PM
-0500:
> The last version of MIX X Server I used did not have any authentication
> to speak of (so xhost, xauth, etc). It not only crashed when I sent
> garbage to its tcp port, but tended to randomly crash the X
> appli
Bruce Dennison wrote:
>
> FYI,
>
> Perhaps this has been reported. I haven't seen it. If it has been
> previously reported, sorry. Consider this a reminder.
>
> Novell client opens port 427 TCP. My services file reports this port to be
> known as 'svrloc'. You can bluescreen Win95/98 with Nove
I've tested it on sambar 4.2.1 and it's indeed
GET HTTP/1.0 to crash the sambar server.
Steve wrote:
> On Mon, Oct 04, 1999 at 12:58:40AM -, Dennis Conrad wrote:
> > #!/usr/bin/perl
> >
> > #
> > # Sample DOS against the Sambar HTTP-Server
> [snip]
> > print $remote "GET " . "X" x 9
Bruce,
> Novell client opens port 427 TCP. My services file reports this port to be
> known as 'svrloc'. You can bluescreen Win95/98 with Novell Client versions
> 3.0 and 3.0.1 by sending a SYN to this port, as you would with 'nmap -sS -p
> 427 '. This is quite fatal. The only recovery seems
Other cable ISPs, such as ones which I have worked for in the past, brought
the problem to Hybrid's attention almost TWO YEARS ago.
Hybrid gear is heavily insecure both in the field (their modems) and in the
headend (their headend hardware is EXTREMELY insecure and susceptible to
hacks, using r*
> Perhaps this has been reported. I haven't seen it. If it has been
> previously reported, sorry. Consider this a reminder.
>
> Novell client opens port 427 TCP. My services file reports this port to be
> known as 'svrloc'. You can bluescreen Win95/98 with Novell Client versions
> 3.0 and 3.0.
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.
Microsoft Security Bulletin (MS99-030)
-
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.
Microsoft Security Bulletin (MS99-040)
-
On Wed, 6 Oct 1999, 3APA3A wrote:
> - there is no such problem. Can you say the version of Netscape with
> this bug?
The default netscape with RH5.2 (4.08), and glibc Netscape 4.61 for linux
are both vulnerable. Netscape 4.04, 4.07, 4.51, and 4.6 under solaris are
all vulnerable. Netscape 3.
Regardless of settings in the TCP/IP Security filters any IP protocol is
accepted.
TCP/IP security configuration example:
Permit all TCP ports, Permit all UDP ports, Permit only IP protocols: 6
The easiest way to prove it's broken is to configure it to only allow
IP-protocol 6 (TCP) and then pi
15 matches