![[LWN Logo]](/images/lcorner.png) |
|
![[LWN.net]](/images/Included.png) |
Date: Mon, 26 Feb 2001 11:14:39 +0100
From: =?iso-8859-1?Q?Peter_Gr=FCndl?= <peter.grundl@DEFCOM.COM>
Subject: def-2001-08: Netscape Collabra DoS
To: BUGTRAQ@SECURITYFOCUS.COM
======================================================================
Defcom Labs Advisory def-2001-08
Netscape Collabra DoS
Author: Peter Gründl <peter.grundl@defcom.com>
Release Date: 2001-02-26
======================================================================
------------------------=[Brief Description]=-------------------------
By sending malicious packets to the Netscape Collabra Server, it can
be brought to consume all available memory and CPU.
------------------------=[Affected Systems]=--------------------------
- Netscape Collabra Server V3.54 for Windows NT
----------------------=[Detailed Description]=------------------------
The collabra server listens on the following TCP ports per default:
119, 5238, 5239 and 20749.
By sending approx. 5kb of A's to TCP port 5238 and then terminating
the connection, you will cause two handles to be be allocated and
approx. 4-5kb kernel memory per connection. The ressources are not
freed again, so the attack can take place very slowly and eventually
it will consume all available memory.
By sending a null character followed by seven or more characters to
TCP port 5239, you will cause the process srchs.exe to spike at 100%
CPU usage.
---------------------------=[Workaround]=-----------------------------
Filter TCP ports 5238 and 5239 from untrusted networks, and contact
Netscape Support, if you need further assistance.
-------------------------=[Vendor Response]=--------------------------
The Vendor was contacted January 4th, 2001 and then again four times
via phone and email. There is still no indication that the vendor
intends to fix this problem.
======================================================================
This release was brought to you by Defcom Labs
labs@defcom.com www.defcom.com
======================================================================