NSTX Remote Denial Of Service Vulnerability
BID:9989
Info
NSTX Remote Denial Of Service Vulnerability
| Bugtraq ID: | 9989 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 26 2004 12:00AM |
| Updated: | Mar 26 2004 12:00AM |
| Credit: | Discovery of this issue is credited to laurent oudot <[email protected]>. |
| Vulnerable: |
Nstx IP Over DNS Utility 1.1 beta3 Nstx IP Over DNS Utility 1.1 beta2 Nstx IP Over DNS Utility 1.1 beta1 Nstx IP Over DNS Utility 1.0 |
| Not Vulnerable: |
Nstx IP Over DNS Utility 1.1 beta4 |
Discussion
NSTX Remote Denial Of Service Vulnerability
It has been reported that NSTX is prone to a remote denial of service vulnerability. This issue is due to a failure of the application to handle network strings of excessive length.
This issue may allow a remote attacker to cause the affected process to crash, denying service to legitimate users.
It has been reported that NSTX is prone to a remote denial of service vulnerability. This issue is due to a failure of the application to handle network strings of excessive length.
This issue may allow a remote attacker to cause the affected process to crash, denying service to legitimate users.
Exploit / POC
NSTX Remote Denial Of Service Vulnerability
The following proof of concept has been provided:
remote-hacker$ perl -e '{ print "A" x 500 }' | nc -u www.example.com
The following proof of concept has been provided:
remote-hacker$ perl -e '{ print "A" x 500 }' | nc -u www.example.com
Solution / Fix
NSTX Remote Denial Of Service Vulnerability
Solution:
The vendor has released an upgrade dealing with this issue.
Nstx IP Over DNS Utility 1.0
Nstx IP Over DNS Utility 1.1 beta2
Nstx IP Over DNS Utility 1.1 beta3
Nstx IP Over DNS Utility 1.1 beta1
Solution:
The vendor has released an upgrade dealing with this issue.
Nstx IP Over DNS Utility 1.0
-
Nstx nstx-1.1-beta4.tgz
http://nstx.dereference.de/nstx/nstx-1.1-beta4.tgz
Nstx IP Over DNS Utility 1.1 beta2
-
Nstx nstx-1.1-beta4.tgz
http://nstx.dereference.de/nstx/nstx-1.1-beta4.tgz
Nstx IP Over DNS Utility 1.1 beta3
-
Nstx nstx-1.1-beta4.tgz
http://nstx.dereference.de/nstx/nstx-1.1-beta4.tgz
Nstx IP Over DNS Utility 1.1 beta1
-
Nstx nstx-1.1-beta4.tgz
http://nstx.dereference.de/nstx/nstx-1.1-beta4.tgz
References
NSTX Remote Denial Of Service Vulnerability
References:
References:
- Project Home Page (Nstx)
- Nstxd vulnerability (laurent oudot
)