From peter.grundl@DEFCOM.COM Tue Apr 3 21:05:09 2001
From: "Peter Gründl"
To: BUGTRAQ@SECURITYFOCUS.COM
Date: Tue, 3 Apr 2001 07:16:50 +0200
Subject: [BUGTRAQ] def-2001-17: Navision Financials Server DoS

======================================================================
                  Defcom Labs Advisory def-2001-17
                    Navision Financials Server DoS
Author: Peter Gründl
Release Date: 2001-04-03
======================================================================

------------------------=[Brief Description]=-------------------------
The Navision Financials Server contains a flaw that allows an attacker
to crash the service.

------------------------=[Affected Systems]=--------------------------
- Navision Financials Server V2.50 for Windows NT/2000
- Navision Financials Server V2.60 for Windows NT/2000

----------------------=[Detailed Description]=------------------------
Sending a null character followed by approx. 30k of A's to TCP port
2407 causes a buffer overflow and terminates the process (SERVER.EXE).
The overflow does not appear to be exploitable.

A smaller amount can also be used, and will silently kill the process.
This requires approx. 10 connections starting with a null character,
followed by 100+ characters.

---------------------------=[Workaround]=-----------------------------
Disallow access to TCP port 2407 from untrusted systems, and contact
Navision-Damgaard Support to obtain the patch for this problem:
http://www.navision.com/com/view.asp?documentID=258

-------------------------=[Vendor Response]=--------------------------
The issue was brought to the vendor's attention on the 21st of
December, 2000. A patch was created by the vendor on the 5th of March,
2001.

======================================================================
This release was brought to you by Defcom Labs
labs@defcom.com                              www.defcom.com
======================================================================
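As an added detection example (not part of the advisory or of any Defcom tool), the Python below applies the two traffic patterns described above to constructed connection records; the record layout (source IP, destination port, opening payload bytes) and the exact thresholds are assumptions derived from the text.

```python
# Added example: flag connections to the Navision port whose opening bytes
# match the advisory's crash pattern (a NUL followed by a long run of data).
# Records are (source_ip, destination_port, first_payload_bytes); in practice
# they would come from capture or IDS stream reassembly (assumed layout).
from collections import defaultdict

NAVISION_PORT = 2407            # Navision Financials Server, per the advisory
SINGLE_SHOT_THRESHOLD = 30_000  # approx. 30k bytes after the NUL: immediate crash
SLOW_KILL_MIN_LEN = 100         # 100+ bytes after the NUL ...
SLOW_KILL_MIN_CONNS = 10        # ... over approx. 10 connections


def is_suspect_payload(payload: bytes) -> bool:
    """True when a connection opens with a NUL byte followed by at least
    SLOW_KILL_MIN_LEN further bytes."""
    return payload[:1] == b"\x00" and len(payload) - 1 >= SLOW_KILL_MIN_LEN


def classify(records):
    """Return a dict src_ip -> verdict for every source that sent at least
    one suspect payload to the Navision port."""
    per_source = defaultdict(list)
    for src, dport, payload in records:
        if dport == NAVISION_PORT and is_suspect_payload(payload):
            per_source[src].append(len(payload) - 1)
    verdicts = {}
    for src, lengths in per_source.items():
        if max(lengths) >= SINGLE_SHOT_THRESHOLD:
            verdicts[src] = "single-shot overflow"
        elif len(lengths) >= SLOW_KILL_MIN_CONNS:
            verdicts[src] = "repeated small overflow"
        else:
            verdicts[src] = "suspect, below threshold"
    return verdicts


# Constructed sample traffic: one source sends the large payload, one sends
# twelve short NUL-prefixed connections, one is an ordinary client.
SAMPLE_RECORDS = (
    [("10.0.0.5", 2407, b"\x00" + b"A" * 30_000)]
    + [("10.0.0.7", 2407, b"\x00" + b"A" * 150)] * 12
    + [("10.0.0.9", 2407, b"\x01\x00HELLO"), ("10.0.0.9", 80, b"GET / HTTP/1.0")]
)

if __name__ == "__main__":
    for src, verdict in classify(SAMPLE_RECORDS).items():
        print(f"{src}: {verdict}")
```

The per-source count matters because the advisory's second variant only shows up as roughly ten small connections, none of which looks alarming on its own.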