If this is your first time visiting the DoS DB, please take a minute to
read the following ABOUT the database. For more information on
Denial of Service, visit the DoS Help Desk.
[Firewalls] [Routers] [Browser/Web] [Windows] [Netware] [MacOS] [AIX] [BSD]
[HPUX] [Irix] [Linux] [Sun/Solaris] [OSF/DGUX] [Misc Unix] [TCP/IP] [Mail]
[IRC] [DNS] [X-Windows] [Apache] [Oracle/SQL] [Quake] [Everything Else]
New Additions
-------------
2100-228.dos L* S O 2.1.00 - 2.2.8 IP Options
2189-223.dos L* N O 2.1.89 - 2.2.3 IP Fragment crash
2200-229.dos L* N O 2.2.x ICMP Kernel Panic
bayn1000.dos Ro N O Bay Networks c1000 login crash
e4direct.dos W* N O IE4 "DirectDraw" Bug
ftpsrv25.dos WT N O FTP Serv-U 2.5 FTP command crash
Firewalls OS A T // Cisco PIX, Firewall 1, etc.
---------
wfirebox.dos * N O Watchguard Firebox - internal spoofed scan drops
pix-intr.dos FW N O Cisco PIX FW - DoS internal IPs via fragmented packets
consl-12.dos FW N O Conseal FW pre-1.2 flood 'learning' mode or logging
Routers OS A T // 3com, Ascend, Cisco, Livingston, etc
-------
isscisco.dos Ro N O Several Cisco - reset switch remotely
breezcm1.dos Ro N O BreezeCOM tftp firmware crash
breezcm2.dos Ro N O BreezeCOM remotely reboot router
iosyslog.dos Ro N O Cisco IOS - invalid udp packet crash syslog
osi-rmat.dos Ro N O OSICom Routermate TCP crash
ms-sms12.dos * N O W*/Cisco - System Management Service 1.2 DoS
xylg-64p.dos Ro N O Xylogics 64 character ping crashes router
3com-ip0.dos Ro N O 3com routers/bridges/hubs IP/TCP to management port
ap75pass.dos Ro N O Ascend Pipeline 75 - passwd prompt denial
asc-nzlt.dos Ro S O Ascend Router - remote crash via non-zero length tcp offset
ascsni26.dos Ro N O Ascend Router - remote reboot via UDP port 9 [SNI 26]
ascm-50a.dos Ro N O Ascend Max 5.0A port 150 reboot router
cisc2500.dos Ro N O Cisco 2500 (IOS 10.2) denial via port 7
cisc-7xx.dos Ro N O Cisco 7xx (IOS 4.1(x)) passwd overflow
cisc1005.dos Ro S O Cisco 1005 MTU=15k - crash
cistron.dos Ro N O Cistron Radius - remote crash
liv-dos1.dos Ro N O Livingston 1.16 + 2.0.1 Framed-Filter-Id crash
liv-dos2.dos Ro N O Livingston x.x (all) portmaster crash via remote overflow
liv-os37.dos Ro N O Lvingston pre 3.7 portmasters - telnet reboot
bgp-quer.dos Ro N O GBP Routing protocol - query saturation flood
route-7.dos Ro N O General Overview of crashing routers via port 7
cisco12.dos Ro N O IOS 11.x login access allows crash/reload
cpqmic6k.dos Ro N O Microcom 4.0.1x - deny access to admin control, brute force not hindered
flowpt2k.dos Ro N O Flowpoint DSL 2000 1.2.3 deny login, no auth
Browsers/Web OS A T // Netscape, MSIE (not OS specific)
------------
htmlfram.dos W* N O MSIE/NT crash via bad frames
msie-40x.dos * N O MSIE 4.x long "width=000..." in an <img> tag
mse4-ciu.dos W* N O MSIE 4/5 - hostile applet crash browser and OS
nsc-mail.dos * N O Netscape - crash with various headers
wwwboard.dos Ht N O CGI wwwboard - overwrite files on remote server
ns4x-cgi.dos Ht N O content-type of "internal/parser" crashes Netscape 4.x
ns4x-all.dos Ht N O Netscape 4.x - crash with 'table' and 'td' tags
ns4-bmrk.dos Ht N O Netscape 4.x - crash via long bookmarks
br-frame.dos Ht N O Crash Web Browsers via recursive frames (IE4/NS)
moz-kill.dos Ht N O Netscape 2.0/3.0 - link to this CGI to crash
java-awt.dos Ht - O javascript - open many unclosable windows (recursive)
ie40-lb.dos Ht N O IE 4.0 single # infinite recursion
opera.dos Ht C O Opera Browser crashes with extra /
iisj102.dos Ht N O IIS/Java 1.0.2 varying length URL
Windows OS A T // 3.11, Win95, WinNT
-------
icq-1700.dos W* N O ICQ99a build #1700 - malformed URL denial
iis-nlst.dos W* N O IIS Remote FTP denial
iisexair.dos W* N O IIS sample 'ExAir' denial
ipartybo.dos W* N O iParty port 6004 - overflow and crash
netbus11.dos W* N O Netbus 1.1 remote overflow crash
ntmaxpth.dos WT S O NT MAX_PATH - click on file crash machine
wiis-get.dos W* N O GET Requests consume resources
win-icmp.dos W* N O ICMP/Redirect-host message storm freeze Win9x/NT(sp4)
winservu.dos W* N O Serve-U FTP - crash
wsftp10x.dos W* N O WS_FTP Server - cwd buffer overflow
iis40ftp.dos W* N O MS IIS 4.0 FTP - multiple connects
nt-irqln.dos WT S O IRQL_NOT_LESS_OR_EQUAL exception crashes box
novic300.dos W* N O Novell Intranetware Client 3.0.0.0 - port 427
nobo-udp.dos W* N O Nobo 1.2 - udp packets crash prog
aim-warn.dos W* N O AOL Instant Messenger - force disconnect
nukenabr.dos WT N O Nukenabber - consume CPU resources
taskman.dos WT C O Windows Task Manager - consume resources
wingate.dos W* N O Remotely crash wingate
qw-win32.dos W* N O QuakeWorld win32 perl attack
proxy-20.dos W* N O MS Proxy 2.0 - ftp URL
pcanyw-8.dos W* N O PC Anywhere 8.0 - port 5631 crash
ntapplet.dos WT N O Applet can kill almost any NT box
nt-hinst.dos WT S O WINAPI WinMain(HINSTANCE hinstExe script crashes box
nt-iishd.dos WT N O NT & IIS - consume CPU/HD via sample guestbook
wn-tcprs.dos WT N O NT - PSH ACK will reset NT TCP/IP connection
nt-nativ.dos WT S O NT - undocumented function NtDeviceIoControlFile crashes system
nt-tdrp2.dos WT N O NT - 'teardrop2' UDP packet with crafted header crashes system
ntfloppy.dos WT C O NT - 'redhat rescue' floppy causes BS instantaly
nmd27sp4.dos WT N O Alt-N MDaemon 2.7 SP4 RCPT-TO string BO
w95-prox.dos W9 N O Wingate/Startech proxy - crash via POP or telnet
slmail31.dos W* N O SLMail 3.1 slsmtp.exe remote SMTP command DoS
ntvintra.dos W* N O Vintra Mailserver remote SMTP command DoS
ol-47221.dos W* N O Outlook v4.72.2106 filename attachment DoS
ie4-otag.dos W* N O IE 4.x OBJECT tag - crash browser
wn-snork.dos W* N O 'snork' attack - consume resources via UDP packets
mircport.dos W* I O MIRC msg com port freeze
ln11-45x.dos W* N O Lotus Notes SMTP MTA 1.1 on Server 4.5x MIME DoS
eud-time.dos W* N O Mail with date set to pre 1970 will crash Eudora
opennt21.dos W* N O OpenNT 2.1 telnet/memory abuse (requires account)
outlook.dos W* N O Outlook Express 4.7x - fragment attachment
nt-winsd.dos Wt S O NT WINS consume resources via error logging
ntaddatm.dos Wt C O NtAddAtom bug causes BSOD (SP3)
timeserv.dos Wt N O NT timeserv.exe consume 100% resources
netxray.dos W* N O NetXray 2.6 crash software, force reboot
dnskillr.dos Wn N O Linux script: DOS against WinNT DNS port (cpu = 100%)
nt-raspp.dos Wn N O NT RAS PPTP - fragment causes coredump
nt-telnt.dos Wn N O NT telnetd - portscan freezes service
nt-memll.dos Wn N O NT memory leak by filling fragment queue
nt-53.dos Wn N O Modify AnswerCount in packet to stop data to NT machine
nt-135.dos Wn N O DOS via NT port 135 - overflow (CPU = 100%)
nt-137.dos Wn N O Port 137 (wins) - WINS Server shut down
nt-139.dos Wn N O Sending OOB data to port 139 will crash NT (even SP3)
nt-1031.dos Wn N O Port 1031 (inetinfo.exe) - overflow (CPU = 100%)
nt-at.dos Wn C O NT scheduler - submit bad job, create thousands of jobs
nt-dns19.dos Wn N O redirect chargen to NT DNS to cause access violation
nt-dos-1.dos Wn N O Take down NT Server by assuming IP
nt-pdcgr.dos Wn - O 3.51 non-priv user can create local groups on PDC
nt-pqid.dos Wn N O 4.0 DNS server will cache and pass incorrect IPs
nt-procs.dos Wn - O info on unpriv user getting max cpu time
nt-shar.dos Wn - O NT Shared network drive/ftp (CPU = 100%)
nt-sn-bp.dos Wn N O Modify Sequence Number in packet to stop data to NT machine
nt-udp.dos Wn N O UDP Flood NT Box via port 19, spoofing, create flood
ntcrash2.dos Wn N O NT Crash via 40 different APIs
ntfilelk.dos Wn S O Program to lock any file on NT - no one can use file
ntfilec.dos Wn Nx O NT File caching algorithm problem
ntlogin.dos Wn N O NT deny login ability via malformed packets
ntrofail.dos Wn N O 4.0 remotely crashed with r/o access from linux system
311-att.dos W3 - O Win311 AT&T Dialup Networking DOS
w95-ping.dos W9 N O emulate w95 - ping with large packets to kill unix boxes
w139-oob.dos W* N O OOB data sent to port 139 on Win machines crashes it
jolt.dos W9 N O Ping-of-Death II - freeze via oversized packet
latierra.dos W* N O spoof IP + port as source + randomize (land.c)
java-95.dos W9 N O reboot Win95 via java applet (fl00d.class)
iis-crsh.dos W* N O IIS Crash/hang (msbomb.c)
iisnewds.dos W* N O newdsn.exe allows creation of *.mdb files anywhere
aim17466.dos W* N O AOL Instant Messenger 1.7.466 crash client
icq-1.dos W* N O Crash ICQ (and Windows) with unexpected data
bonk.dos W* N O frag offset > hader length (bonk.c + boink.c)
hanson.dos W* - O MIRC client - force parse string of data - crash
boff-qr.dos W* N O MS BackOffice - query overflow - halt server
win-nk02.dos W* N O large ping variation - locks nt/95 boxes (not bluescreen)
wingate.dos W* N O WinGate - connect to localhost - exhaust resources
winsk20.dos W* N O Winsock 2.0 13 char crash
eudpro40.dos W* N O long file name kills IE40 and EudoraPro 4.0
iis-asp.dos W* N O IIS/ASP - remotely crash via malformed URL
im402pop.dos W* N O Imail 4.02 pop3d32.exe CPU 100%
im470115.dos W* N O Internet Mail 4.70.1155 - crash via e-mail
imail403.dos W* N O Imail 4.03 - remotely crash SMTP daemon
nt-smtp2.dos W* N O MDaemon 2.71/Exchange 5.0 - remotely crash SMTP/POP
newtear.dos W* N O smaller padding, faked UDP total length
mapisp32.dos W* N O MAPISP32 CPU 100% via attachment in POP mail
netstatw.dos W* C? O netstat.exe memory leak
ms-tcpip.dos W* N O bad packet ceases tcp/ip activity (FW, NT FWs, etc)
servuftp.dos W9 N O Serv-U FTP overflow + crash
slmail26.dos Wn N O SLMail 2.6 remote overflow + crash
syndrop.dos W* N O SYN Sequence bug + teardrop frag
sping.dos W* N O mimic Ping-of-Death via fragmented packet
iis20dos.dos Wn N O NT/IIS command overflow (spike CPU usage to 100%)
mspws202.dos W* N O MS Personal Web Server - remotely crash via BO
Netware OS A T // Novell Netware
-------
nw-pwc42.dos NW - O APCs Powerchute Plus v4.2 for Netware - SAP DOS
MacOS OS A T // MacOS (Apple)
-----
mactcpip.dos MO N O MacOS 7.1/8.0 TCP/IP Based DoS
mac-smtp.dos MO N O Crash various MacOS SMTP daemons
mo-eims.dos Mo N O EIMS 1.x/2.01 - crash daemon/machine
mo-web80.dos Mo N O Web Sharing in MacOS 8.x - kill web services
8x-synk.dos MO N O MacOS 8.x 'synk' command consume bandwidth
AIX OS A T // AIX by IBM
---
414-conn.dos A S O 4.1.4 TCP/IP Local DOS
415-1025.dos A N O AIX ttdbserver n-1 flood
aix-pod.dos A S O AIX and the ping of death
BSD OS A T // FreeBSD, BSDi, NetBSD, OpenBSD
---
bsd-zero.dos B* S O grep /dev/zero in tight loop freezes Free/OpenBSD
226-nlnk.dos fB S O freeBSD 2.2.6-STABLE NFS + link /dev/null freeze
23pctr-c.dos oB S O 2.3 pctr driver crash machine
bsd-ftpd.dos B N O BSDI/FreeBSD wu-ftpd remote nlist DoS
bsd-ping.dos B S O BSD ping -s2955 causes kernel panic
bsd-pkga.dos B S O bsd package add aborted at right time removes files
bsd-me.dos B* S O Force kernel panic by exhausting map entries
bsdinet.dos B* N O portscanners panic BSD based inetd
netapp.dos B* S O NetApp NFS panics with readdirplus call
fb-purep.dos Fb S O 2.2.x-stable - reboot via /bot in ircII w/ purepak
HPUX OS A T // HPUX
----
1020recs.dos HP N O HPUX 10.20 (recserv) remote/local kill service
1020rexe.dos HP N O HPUX 10.20 rexecd - lockout user
hp-fork.dos HP S O Fork call locallys causes complete shutdown of all service
hp-rplay.dos HP S O hp 10.01 rplay with no options causes crash
IRIX OS A T // IRIX (Silicon Graphics)
----
irixfing.dos Ir N O Irix 6.4/6.5 finger @@@@ denial
sgio2-63.dos Ir S O freeware prog 'crashme' crashes up to 6.5
53-cvpcs.dos Ir S O 5.3 /usr/etc/cvpcsd potential DoS
62-open.dos Ir S O open() will open any NFS file, block access to it
63-ncp.dos Ir S O Irix 6.3 unkillable frozen processes
xprop.dos Ir S d xprop will kill x users
Linux OS A T // Slackware, RedHat, Debian, etc
-----
rh5alpha.dos Lr S O Redhat for Alpha - force reboot
ipfwadm1.dos L* N O ipfwadm pseudo-DoS - IP Masquerading bug
2036-lin.dos L* S O Various 2.0.36 kernel DoS concerns
rh-lpr03.dos Lr N O lpr lpr-0.31-1 and lpr-0.33-1 remote denial
socksys.dos L S O /dev/socksys + head causes panic/reboot
rh51-mem.dos Lr S O 'dumpreg' utility causes kernel crash
20-pte.dos L* S O Linux 2.0 PTE memory/virtual page DoS
20xpanic.dos L S O 2.0.x MAX_STACK overflow - force panic
20xsigpi.dos L N O 2.0.x SIGPIPE - crash inetd via half open scan
dis_dma.dos L S O disable_dma() 2.1.x kernel - lock computer
kerneld.dos Lr S O Any user can load kernel modules
lin-long.dos L* S O longpath/MAXPATHLEN attack, create unremovable dirs
linlog.dos L S O Linux login denial (local)
mktemp.dos L S O mktemp() open max - DOS to pop3 and like apps [dave_m]
overdrop.dos L N O 2.0.33 printk abuse (overdrop.c)
rh-x11.dos Lr S O stop x-server - /tmp/X11 dir not 1777
rh-misc.dos Lr S O various attacks against RH: serial, console flood
rh-pass.dos Lr S O resource starvation on setuid passwd(1)
rpc-all.dos L* N O Remotely stop all RPC Services from answering
s33-psdv.dos Ls S O lock up keyboard on slack 3.2,3.3 system
sigurg.dos L S O kill any process, regardless of user
sr-crash.dos L S O Source Route exploit (DOS) 1.0.x - 1.3.x
Sun/Solaris OS A T // SunOS, Solaris, SolarisX86
-----------
26dtmail.dos So S O Solaris 2.6 dtmail - reboot
securnfs.dos Su N O SecureNFS mbuf denial (SunOS 4.x)
23-ndd.dos So S O 2.3 ndd causes kernel panic
24-cdrom.dos So S O 2.4 /vol/dev/aliases/cdrom0 ioctl() denial
251-ifcf.dos So S O unpriv user can take down entire LAN via ifconfig
251-loc.dos So S O 2.5.1 perl/escape sequence fries Ultra
25x-ping.dos So S O 2.5.x ping can reboot machine
25udprum.dos So ? O UDP cause host to answer/request itself (info)
251-kill.dos So S O 2.5.1 bad telnet and ^D overflow
414-tcx0.dos Su S O 4.1.4 /dev/tcx0 sparc20 denial
41x-dev.dos Su S O 4.1.x device -> crash
41x-kp-1.dos Su S O 4.1.x panic kernel if HSFS cdrom is mounted [8lgm-18]
41x-kp-2.dos Su S O 4.1.x panic kernel if a TMPFS is mounted [8lgm-8]
41x-kp-3.dos Su S O 4.1.x panic kernel via locore [8lgm-25]
s-socket.dos So S O Crash Solaris with connect()
24-inetd.dos So S O 2.4 inetd DOS possible
sol-ping.dos So S O 2.x ping with bad options crash sun
2x-syslg.dos So N O remotely kill syslog.dos via DNS error handling
251-ftpd.dos So S O 2.x FTP read(2) zero bytes from network
abook2.dos So N O 2.6 Answerbook2 dwhttpd/3.1a4 drop server
talk-dos.dos S S O nfo on DOS attack using talk
killsun.dos Su S O Reboot or simply hang Sun's and a few other systems
pinesun.dos Su S O pine w/ bad rc file causes system crash on suns
sparcdev.dos Su S O 4.1.4 /dev/zero redirect denial (sparc5/20)
sun-nis.dos Su S O info on Sun NIS overflow DOS
sunaudio.dos Su S O rsh & /dev/audio can reboot a sun
sunbash.dos Su S O Bash variables allow user to lockout other users
x86icebp.dos S* S O ICEBP Unexpected INT 1 - flood console
sparccpu.dos S* S O hang various sparc models
OSF, DGUX OS A T // OSF1, OSF2, DGUX
---------
du-xcd40.dos DU S O DU 4.0D cdfs bug : xcd eject FS Panic
osf1-dt1.dos DO S O OSF1 CDE bad perms - fill quota
dgux-1.dos Dg N O DGUX - remotely drop box (info/rumor)
2199ultr.dos Du N O Sending SACK packet kills Ultrix boxes
Misc Unix OS A T // Non-Unix Flavor Specific
---------
omnihttp.dos * N O OmniHTTPD fill HD force crash
proftpd1.dos * N O ProFTPD multiple dir kills
rainbow6.dos * S O Rainbow Six Multiplayer - crash server
webramp2.dos * N O WebRamp dialup: crash or change IP
r-bootpd.dos U* N O bootpd daemon - remotely crash
eyscript.dos U* S O January SysAdmin EY script DoS bug
iplogr11.dos U* N O IPLogger 1.1 remote forkbomb attack
serialpp.dos U* N O SerialPOP - long SMTP name crashes
rsh-zero.dos U* S O linking .rhosts to /dev/zero + IMAP/POP
ra-5teln.dos U* N O 30 lines input to RA5 server crashes
qs-spoof.dos U* N O Qmail/Sendmail spoofed packet attack
osf-dce.dos U* N O secd buffer overflow - shutdown service
irc-74p4.dos U* I O ircii-pana/BitchX 74p4 crash client
dhcp1020.dos U* N O DHCP 1.0/2.0 crash server
boom.dos - S O getsockopt() bug to crash Sun and AT&T machines
ecash-1.dos * N O prevent ecash account use until arbitrary future date
fing-rec.dos * N O uses finger with @@@ arguments to lag system
edquota.dos U* S O edquota(8) - various DoS attacks
gen-dir.dos U* S O general recursive dir attack
gen-file.dos U* S O general file create attack - files have no inode info
gen-mem.dos U* S O general malloc/fork attacks
gen-serv.dos U* S O general remote denial of service/port
intelkil.dos * S O Lock up Intel Pentium CPU on most platforms
incomsat.dos * N O in.comsat remote forge udp packets, local fork bomb
inetd.dos * N O multiple requests to inetd will cause it to hang
listserv.dos * N O due to many overflows, remote user can shut down listserv
libc-fd.dos U* S O libc 5.4.33/glibc 2.0 block fd use
perl-den.dos * S O Use perl to crash system
pgp263-1.dos * - O pgp 2.6.3ia generate key with dupe keyid - overwrite existing
pmap408.dos U* N O portmap 4.0-8 random junk - slow machine to crawl
poweratx.dos * S O Power ATX 233mhz board/chip - force power off
radius1.dos U* N O append space to username, crash radiusd
radius2.dos U* N O any passwd length over 128 chars crashes radiusd
radiusd.dos U* N O info on possible radiusd DOS attack
rout-ras.dos * N O Routing and RAS service ruleset allows remote DoS
scrn371a.dos * S O Screen-3.7.1 deny other users access to screen
ssh-1217.dos * N O ssh 1.2.17/linux 2.0.x remote ssh connects cause DOS
udpinetd.dos * S O local inetd will hang with correctly forged UDP packets
xtacacs.dos * N O XTACACS - crash via ICMP messages
spiffit.dos U* N O in.comsat + 'biff y' denial/flood
rwhokill.dos U* S O kill RWHO service locally
pppdrop.dos * N O PPP drop causes DOS attack against ssh
pwd-wait.dos * N O Password wait DOS attack against ssh
sco-htfs.dos Uw S O SCO Openserver unlink FS crash
TCP/IP OS A T // TCP/IP, ICMP, Generic Floods
------
nestea.dos * N O "off by one ip header" in ip frag code
synflood.dos * N O SYN Flood - spoof IP so ACK isn't received
fraggle.dos * N O UDP broadcast - spoof broadcast addresses
smurf.dos * N O TCP/IP broadcast - spoof broadcast addresses
icmp-dos.dos * N O ICMP Echo Reply Flood info
icmpecho.dos - N O ICMP Echo - broadcast address amplification
ethicmpf.dos * N O fake an ICMP unreachable message
teardrop.dos * N O IP Frag Overlap Bug (teardrop.c)
locktcp.dos * N O lock machine via any service displaying banner (pop/login/etc)
Mail OS A T // Qmail, Sendmail, Pine, Elm, etc
----
smail892.dos U* N O Sendmail 8.9.2 redirect & header attack
qmail-an.dos U* S O qmail anonymous file system denial
qmail-1.dos * S O qmail-smtd doesn't check bounds on data field
qmail-2.dos * S O qmail-smtd doesn't check bounds on RCPT field
pinelock.dos U* S O log user out/kill pid, via pine /tmp file
pine-pid.dos * S O pine can be used to lock out user from reading mail
885-l1.dos * S O Sendmail 8.8.5 recipient no limit
exmh-bo.dos U* N O exmh 2.0.2 long 'from' string hangs reader
pine-rem.dos U* N O Remotely crash PINE sessions with long From string
IRC OS A T // Unix based IRC Client/Servers
---
bx-crakr.dos * I O bitch/xcrackrock - cause segfault via irc channel topic
ircd2821.dos * S O ircd2.8.21 buffer overflow - force segfault
ircd29a6.dos * S O ircii-2.9alphta6 buffer overflow - CPU consume
libc-irc.dos * I O /dcc option to crash ircII server
bx-joinc.dos * I O BitchX pre 7.4 - force disconnect via chan mode
bx-ircii.dos U* I O ircII/BitchX remote buffer overflow crashes client
ircnn13.dos U* I O ircnn-1.3devel (newnet) /quote option crashes server
mirc54.dos Ir N O MIRC 5.4 remote resume dcc crash
DNS OS A T // Domain Name Service
---
bind495p.dos * N O Bind 4.9.5-P1 Max CPU usage via port 53
named.dos * N O info on crashing bind via multiple updates in one packet
dns-deny.dos * N O info on hitting DNS server with requests
X-Windows OS A T // Any/All X-Windows systems
---------
xkill.dos U* X O xkill param to kill other window - no id checking
xfmchoos.dos U* N O Xfree 3.3 - stop local display remotely
xfree86.dos U* S O Xfree86 unpriv user can block any (priv) port
xterm-c.dos U* X O escape sequence will crash xterm
Apache OS A T // Apache Web Server
------
mimeflod.dos U* N O Apache 1.2.5 Mime header flood
ya-apach.dos U* N O "sioux" attack - apache memory leak
ap-12x-3.dos U* N O apache < 1.2.x multiple long slash URLs - CPU Hit
ap-12x-5.dos U* N O apache < 1.2.x mod_proxy - force core dumps
beck1.dos U* N O Apache 1.2.x - load average spike via malformed URL
beck2.dos U* N O Apache 1.2.x - load average spike via malformed URL
Oracle/SQL OS A T // Oracle, SQL and related apps.
------
oracnerp.dos * N O Oracle 8 'nerp' attack (port 1521/1526)
msql-lib.dos * N O MSQL libmsql denial
o8-tnsls.dos * N O Oracle 8.0.4.0.0-Production telnet 1521 consume resources
orasqlv1.dos U* N O Oracle Sql*Net v1/Dynix rapid connect
orac-w21.dos * N O oracle web server 2.1 DOS via perl/netcat
mysql11.dos U* N O MYSQL dist >= 3.22.00 rapid connect
msql-201.dos * N O mSQL 2.0.1 remotely kill service
msql-tel.dos * N O mSQL 1.0.16/MySQL 3.20.20 remotely deny query ability
Quake OS A T // Quake and ID Software
-----
quakecli.dos * N O Quake client killer - udp flood
nquake-s.dos U* N O Netquake protocol - spoof to sim smurf attack
qw-210.dos U* N O QuakeWorld 2.10 segfault via connect
q2-127.dos U* N O Quake2 - spoof 127.0.0.1 packet - recursive
q2-27910.dos U* N O Quake2 - spoof source port - recursive
q2-xff.dos U* N O Quake2 - bad connect string - crash server
q1-reli.dos U* N O Quake1 - overflow client socket
Other OS A T // Everything Else
-----
pnservr.dos - N O Progressive Networks Real Video Server - crash
den-list.dos - - O denial list - ISS checks for these
aol-4x.dos - N O AOL 4.x background image name e-mail crash
mod-ath.dos * N O Ping with embedded "+++" can remotely hang up modem users
hp5-snmp.dos - N O Remotely disable 5M/5N printers with valid SNMP command
Copyright 1999 Brian Martin. All rights reserved.
Send Feedback