what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

RSTACK-20040325.txt

RSTACK-20040325.txt
Posted Mar 27, 2004
Authored by Rstack Team | Site rstack.org

Rstack Team Security Advisory RSTACK-20040325 - Nstxd has been found vulnerable to a denial of service attack due to a null-pointer-dereference.

tags | advisory, denial of service
SHA-256 | d4de4aa22804d1da1775735c057713af54e0dd21b46baab500dfe906cb86973f

RSTACK-20040325.txt

Change Mirror Download



----------------------------------------------------------------------
Rstack Team (Rstack.org) --- Security Advisory


Advisory Number: RSTACK-20040325
Subject: Nstxd remote DoS-Bug (NULL-pointer-dereference)
Author: Laurent Oudot <oudot@rstack.org>
Discovered: ...
Published: March 25, 2004
----------------------------------------------------------------------


Problem description
===================


Nstxd is the server from the Nstx project. Nstx can be used to create
IP trafic over DNS (can be used by blackhats for special Wifi networks
with DNS open for everybody).

Unexpected input may crash the server called nstxd which will at least
result in a DOS due to a NULL-pointer-dereference.
The service nstxd runs as root to bind the UDP port 53.



Vulnerable versions
===================


Tests were done with the latest version : nstx-1.1-beta3
http://debmail.dereference.de/nstx/nstx-1.1-beta3.tgz


Vendor status
=============


The Nstx team quickly solved this bug.
A new release is available : nstx-1.1-beta4.

>From the ChangeLog :
1.1-beta4: sky
2004/03/26
* Fixed a remote DoS-Bug (NULL-pointer-dereference)



Solutions
=========


* Upgrade your Nstx version at :
http://debmail.dereference.de/nstx/nstx-1.1-beta4.tgz

* Workaround: Containment (chroot, jail...) and low level security
solutions (grsecurity, systrace...) should be use to improve
the security of such a server.



Example
=======

** On the server (assume the IP is 192.168.1.34 for this example):
nstx-1.1-beta3# ./nstxd tun.mydomain.com

** On a remote "evil" client:
remote-hacker$ perl -e '{ print "A" x 500 }' | nc -u 192.168.1.34 53

This will segfault the server.
It might be dangerous as nstxd needs root priviledges (bind port 53).
No exploit to get a remote shell has been reported (just a DOS).


----------------------------------------------------------------------
Copyright (c) Rstack Team
This document is copyrighted. It can't be edited nor republished
without explicit consent of Rstack Team.
For more informations, feel free to contact us.
http://www.rstack.org/
----------------------------------------------------------------------
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close