Neon Responders Remote Clock Synchronization Denial of Service Vulnerability

Bugtraq ID:	17569
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Apr 10 2006 12:00AM
Updated:	Apr 18 2006 07:36PM
Credit:	Stefan Lochbihler <[email protected]> is credited with the discovery of this issue.
Vulnerable:	Neon Software Neon Responders 5.4
Not Vulnerable:

Neon Responders Remote Clock Synchronization Denial of Service Vulnerability

Neon Responders is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle malformed network packets.

This issue allows remote attackers to crash the affected application, denying further service to legitimate users.

Version 5.4 of Neon Responders for Windows is vulnerable to this issue; other versions may also be affected.

Neon Responders Remote Clock Synchronization Denial of Service Vulnerability

The following exploit is available:

• /data/vulnerabilities/exploits/neon_responder_dos.c

Neon Responders Remote Clock Synchronization Denial of Service Vulnerability

Solution:

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]

Neon Responders Remote Clock Synchronization Denial of Service Vulnerability

References:

• Neon Responders Product Page (Neon Software)
  
• Neon Responder (Dos,Exploit) (Stefan Lochbihler )