Vulnerability
Electocomm
Affected
Electrocomm 2 and prior
Description
nemesystm of the DHC found following. ElectroComm allows you to
connect to a comm port on a computer over a network using any
Telnet client. The program can fall victim to a denial of
service.
Electrocomm 2.0 has been tested to be vulnerable. Prior versions
are assumed to be vulnerable as well.
Sending two bursts of characters with a length of about 160000
each to port 23 will peg CPU to 100% and then crash with:
Run-time error '381': Invalid array index.
There is a perl script that exploits this. It is in the advisory
that is available on the DHC site:
http://www.emc2k.com/dhcorp/homebrew/electro.zip
Solution
None known at the moment.
Credits
-- UnKnown --
|