Date: Mon, 26 Feb 2001 11:14:39 +0100 From: =?iso-8859-1?Q?Peter_Gr=FCndl?= <peter.grundl@DEFCOM.COM> Subject: def-2001-08: Netscape Collabra DoS To: BUGTRAQ@SECURITYFOCUS.COM ====================================================================== Defcom Labs Advisory def-2001-08 Netscape Collabra DoS Author: Peter Gründl <peter.grundl@defcom.com> Release Date: 2001-02-26 ====================================================================== ------------------------=[Brief Description]=------------------------- By sending malicious packets to the Netscape Collabra Server, it can be brought to consume all available memory and CPU. ------------------------=[Affected Systems]=-------------------------- - Netscape Collabra Server V3.54 for Windows NT ----------------------=[Detailed Description]=------------------------ The collabra server listens on the following TCP ports per default: 119, 5238, 5239 and 20749. By sending approx. 5kb of A's to TCP port 5238 and then terminating the connection, you will cause two handles to be be allocated and approx. 4-5kb kernel memory per connection. The ressources are not freed again, so the attack can take place very slowly and eventually it will consume all available memory. By sending a null character followed by seven or more characters to TCP port 5239, you will cause the process srchs.exe to spike at 100% CPU usage. ---------------------------=[Workaround]=----------------------------- Filter TCP ports 5238 and 5239 from untrusted networks, and contact Netscape Support, if you need further assistance. -------------------------=[Vendor Response]=-------------------------- The Vendor was contacted January 4th, 2001 and then again four times via phone and email. There is still no indication that the vendor intends to fix this problem. ====================================================================== This release was brought to you by Defcom Labs labs@defcom.com www.defcom.com ======================================================================