TUCoPS :: Unix :: General :: rexecd.htm


TUCoPS :: Unix :: General :: rexecd.htm

Denicomp REXECD/RSHD DoS 
Vulnerability
 rexecd/rshd
Affected
 Denicomp REXECD/RSHD
Description
 Following is based on a Strumpf Noir Society Advisories.
 Denicomp's REXECD and RSHD products are ports of their
 counterparts on Unix-based systems, allowing the use of the rcp,
 rsh and rexec commands on machines running MS Windows.
 There exists a problem in the port-handling code of mentioned
 products which exposes the services provided by these to a DoS
 attack.
 When a string of +/- 4300 bytes is sent to the listening port of
 the REXEC and/or RSH daemons (defaulting to the standard 512 and
 514 ports), the service in question will die.
 A restart will be needed to regain full functionality.
 Vulnerable (tested):
 - Denicomp Winsock RSHD/NT v2.18.00 (Intel)
 - Denicomp Winsock RSHD/NT v2.17.07 (DEC Alpha)
 - Denicomp Winsock REXECD/NT v1.05.00 (Intel)
 - Denicomp Winsock REXECD/NT v1.04.08 (DEC Alpha)
 - Denicomp Winsock RSHD/95 v2.18.03
 - Denicomp Winsock REXECD/95 v1.00.02
 Earlier versions are expected to be vulnerable as well, users are
 encouraged to upgrade.
Solution
 Vendor has been notified and has verified this problem. New
 versions of these products will be released from the vendor's
 website shortly.

AltStyle によって変換されたページ (->オリジナル) /

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH