Rideway PN V6.22 Vulnerable to DoS Attack

Reported November 14, 2000 by Strumpf Noir Society

VERSIONS AFFECTED

DESCRIPTION

Rideway PN, a Windows bases proxy application, is vulnerable to a denial of service attack.  If the Telnet Proxy is enabled and listening on port 23 (default Telnet port) a malicious attacker could cause all proxy services to become unavailable.

DEMONSTRATION

Below is the Rideway PN log file provided by Strumpf Noir that demonstrates the denial of service.

11/06/00 18:12:57 Error(11001): WSAHOST_NOT_FOUND
(gethostbyname)(NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN)
(DnsNameToIP)

11/06/00 18:12:57 Connect(1): need secure dest
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNN/06/00

18:12:57 Connect(1): need secure dest
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNN/06/00

18:13:01 Error(11001): WSAHOST_NOT_FOUND
(gethostbyname)(NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN)
(DnsNameToIP)

11/06/00 18:13:01 Connect(1): need secure dest
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNN/06/00

18:13:01 Connect(1): need secure dest
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNN/06/00

18:13:05 Error(11001): WSAHOST_NOT_FOUND
(gethostbyname)(NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN)
(DnsNameToIP)

11/06/00 18:13:05 Connect(1): need secure dest
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNN/06/00

18:13:05 Connect(1): need secure dest
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNN/06/00

18:36:20 Debug: =======

Initialize RideWay PN Server (161)

=======

VENDOR RESPONSE

The vendor has been notified but no response has been provided.  Strumpf Noir Society released this information in accordance with RFpolicy, http://www.wiretrip.net/rfp/policy.html

CREDIT
Discovered by
Strumpf Noir Society

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish