defcom.imagecast.txt
Posted Jan 9, 2001
Authored by Defcom Labs | Site defcom.com

Defcom Labs Advisory def-2001-01 - ImageCast V4.1.0 for Windows, a rapid-PC-deployment tool much like Ghost, has problems handling malformed input, which can result in a DoS against the ImageCast Control Center.

tags | exploit
systems | windows
SHA-256 | 39f8a768d3f4a48a511b385ecf3c598de70d7bb5bec3da86c6b00e75380a0698

======================================================================
Defcom Labs Advisory def-2001-01

ImageCast IC3 Control Center DoS

Author: Peter Gründl <peter.grundl@defcom.com>
Release Date: 2001-01-08
======================================================================
------------------------=[Brief Description]=-------------------------
ImageCast, a rapid-PC-deployment tool, much like Ghost, has problems
handling malformed input. These problems can result in a DoS against
the ImageCast Control Center.

------------------------=[Affected Systems]=--------------------------
- ImageCast V4.1.0

----------------------=[Detailed Description]=------------------------
Sending a string of approx. 50Kb to the ICCC service (TCP port 12002)
results in the server consuming all available CPU and no longer
accepting connections to that port.

Sending multiple packets to port 8081 starting from size 14000 bytes
(+carriage return & linefeed), results in a warning box being opened
for each connection, and will eventually (after approx 326 packets)
result in the OS killing ICCC.exe within a very short time.

---------------------------=[Workaround]=-----------------------------
None known. The vendor, Storagesoft Inc., can be contacted through
their website at http://www.storagesoft.com/corporate/contact.asp.
Please refer to the incident number ([Incident:main 001222-0002]),
if you contact Storagesoft regarding this issue.
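
With no workaround available, one compensating control is to watch for traffic matching the two conditions in the Detailed Description. The following is an added example, not part of the Defcom advisory or any vendor tooling: it scans flow records for oversized input to TCP 12002 and for repeated large requests to port 8081. The record format, the rule names, the 60-second window and the alert count of 50 are assumptions, as is reading "50Kb" as kilobytes.

```python
from collections import defaultdict

# Thresholds from the advisory; "50Kb" is read as kilobytes (assumption).
ICCC_PORT, ICCC_MIN_BYTES = 12002, 50 * 1024
WARN_PORT, WARN_MIN_BYTES = 8081, 14000
REPEAT_ALERT = 50   # assumed early-warning count, far below the ~326 reported
WINDOW_SECS = 60.0  # assumed sliding window

def parse_flow(line):
    """Parse one 'timestamp src_ip dst_port payload_bytes' record (hypothetical format)."""
    ts, src, dport, nbytes = line.split()
    return float(ts), src, int(dport), int(nbytes)

def detect(lines):
    """Return (rule, src, value) alerts for flows matching either condition."""
    alerts, recent, flagged = [], defaultdict(list), set()
    for line in lines:
        try:
            ts, src, dport, nbytes = parse_flow(line)
        except ValueError:
            continue  # ignore blank or malformed records
        if dport == ICCC_PORT and nbytes >= ICCC_MIN_BYTES:
            alerts.append(("iccc-oversized-input", src, nbytes))
        elif dport == WARN_PORT and nbytes >= WARN_MIN_BYTES:
            times = recent[src]
            times.append(ts)
            while ts - times[0] > WINDOW_SECS:  # expire entries outside the window
                times.pop(0)
            if len(times) >= REPEAT_ALERT and src not in flagged:
                flagged.add(src)  # alert once per source
                alerts.append(("port8081-repeated-large", src, len(times)))
    return alerts

# Constructed sample records (documentation addresses, not real traffic).
SAMPLE = (
    ["0.0 192.0.2.10 12002 512", "1.0 192.0.2.66 12002 51200"]
    + [f"{2 + i * 0.1:.1f} 192.0.2.77 8081 14002" for i in range(60)]
    + ["9.0 192.0.2.10 8081 300", "garbage line"]
)

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Restricting ports 12002 and 8081 to management hosts at the network layer reduces exposure independently of any detection.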

-------------------------=[Vendor Response]=--------------------------
This issue was brought to the vendor's attention on the 21st of
December and assigned incident number [Incident:main 001222-0002].
Three emails were exchanged and here is a snippet from the
correspondence:

"At 12/29/2000 02:16 PM we wrote - Peter, this is an issue that will
be dealt with in a future version of Imagecast. The information you
have provided has been forwarded to the product manager. It has been
closed so it is no longer in the tech support database since it is
an issue that can currently only be fixed through code changes in
the program."

Attempts to find out which version this would be, and when it would
be released, resulted in this reply:

"At 01/04/2001 03:30 PM we wrote - We currently do not have the data
as to which version it will be done with. We will most likely be
unable to provide that information until at the very least 1 to 2
weeks before a release. We cannot release a product without
testing for specifics. At the very least we are trying to get more
time to test before release dates."

======================================================================
This release was brought to you by Defcom Labs

labs@defcom.com www.defcom.com
======================================================================