Reported
October 1, 2003 by Bahaa Naamneh.
VERSIONS
AFFECTED
OmniCom Technologies'
winShadow 2.0
DESCRIPTION
winShadow 2.0 contains multiple vulnerabilities,
the most serious of which can permit an attacker to execute arbitrary code on
the master client and remotely crash the server. According to the discoverer,
the process that handles the hostname parameter, which is read from the host
files (*.osh), causes a buffer overflow if approximately 250 bytes of data pass
after this parameter. Also, by connecting to the server and issuing a long
username or password, a malicious user can cause the server to crash and refuse
any further connections until the server is closed down through logoff or
reboot.
VENDOR
RESPONSE
CREDIT
Discovered by
Bahaa Naamneh.
OmniCom Technologies has been notified.
Multiple Vulnerabilities in winShadow for Windows
2 comments
Hide comments