Cassandra NNTPServer Subject to DoS

 
Cassandra NNTPServer Subject to DoS
Reported May 1, 2000 by
USSRLabs
VERSIONS EFFECTED
  • NNTPServer Version v1.10

DESCRIPTION

The NNTP service, which listens on port 119, contains an unchecked buffer that could allow an attacker to crash the service.

DEMONSTRATION

By sending a large buffer of approximately 10,000 characters in conjunction with the AUTHINFO command, the NNTP service (on port 199) can be made to crash.

AUTHINFO user \[ 10000 chars \]

VENDOR RESPONSE

Atrium Software International is aware of this issue, however no response was known at the time of this writing.

CREDITS
Discovered and reported by
USSRLabs
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish