Reported April 3, 2001, by Defcom Labs.
Navision Financials Server 2.50 for Windows 2000 and Windows NT
Navision Financials Server 2.60 for Windows 2000 and Windows NT
A denial of service (DoS) condition exists in Navision Financials Server versions 2.50 and 2.60 for Windows 2000 and Windows NT that lets a remote attacker crash the server service. Sending a null character followed by 30,000 bytes of the character "A" to TCP port 2047 causes a buffer overflow that terminates the server.exe process.
The vendor, Navision, recommends disallowing access to port 2047 from untrusted systems. Contact Navision-Damgaard Support to obtain a patch for this issue.
Discovered by Peter Gründl.
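The following added example, which is not part of the original advisory or any Navision code, triages captured flow records against the two conditions described above: traffic to TCP port 2047 from outside the trusted networks, and a first payload consisting of a null byte followed by a long single-byte run. The trusted network, the 1,024-byte run threshold, and the sample flows are assumptions constructed for illustration.

```python
import ipaddress

NAVISION_PORT = 2047   # server port named in the advisory
RUN_THRESHOLD = 1024   # assumption: no legitimate message repeats one byte this long
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # constructed client subnet

def longest_run(data: bytes) -> int:
    """Return the length of the longest run of a single repeated byte value."""
    best = run = 0
    prev = None
    for b in data:
        run = run + 1 if b == prev else 1
        prev = b
        best = max(best, run)
    return best

def is_trusted(src: str) -> bool:
    """True if the source address falls inside an allowed client network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_NETS)

def classify(src: str, dport: int, payload: bytes) -> list:
    """Return findings for the first client payload of one flow."""
    if dport != NAVISION_PORT:
        return []
    findings = []
    if not is_trusted(src):
        findings.append("untrusted-source")       # vendor mitigation not enforced
    # Pattern from the advisory: leading null byte, then an oversized filler run.
    if payload[:1] == b"\x00" and longest_run(payload[1:]) >= RUN_THRESHOLD:
        findings.append("null-plus-long-run")
    return findings

# Constructed sample flows (source, destination port, first payload);
# the benign payload is a stand-in, not the real Navision protocol.
SAMPLE_FLOWS = [
    ("10.20.0.15", 2047, b"\x01session-setup"),
    ("203.0.113.9", 2047, b"\x00" + b"A" * 30000),
    ("10.20.0.40", 2047, b"\x00" + b"A" * 30000),
    ("203.0.113.9", 80, b"GET / HTTP/1.0\r\n\r\n"),
]

if __name__ == "__main__":
    for src, dport, payload in SAMPLE_FLOWS:
        print(src, dport, len(payload), classify(src, dport, payload))
```

A "null-plus-long-run" finding from a trusted source is still worth investigating, since the port restriction does not protect against a compromised internal client.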