TUCoPS :: Security App Flaws :: ridewa.htm

RideWay PN proxy - telnet DoS
Vulnerability

    RideWay PN

Affected

    RideWay PN

Description

    Following is based on a Strumpf Noir Society Advisories.   RideWay
    PN is a  proxy server application  that enables multiple  users to
    share resources  and files  and that  allows users  to access  the
    Internet simultaneously through one shared Internet connection.

    When Rideway PN is running with the telnet proxy service  enabled,
    sending several random streams  of data to this  port (default=23)
    can cause the server to deny access to all services.

    Below is  the response  in the  RPN logs  after sending 5 requests
    containing basically you're home-grown 200 byte buffer.

        11/06/00 18:12:57 Error(11001): WSAHOST_NOT_FOUND
        (gethostbyname)(NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN)
        (DnsNameToIP)
        11/06/00 18:12:57 Connect(1): need secure dest
        NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN/06/00
        18:12:57 Connect(1): need secure dest
        NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN/06/00
        18:13:01 Error(11001): WSAHOST_NOT_FOUND
        (gethostbyname)(NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN)
        (DnsNameToIP)
        11/06/00 18:13:01 Connect(1): need secure dest
        NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN/06/00
        18:13:01 Connect(1): need secure dest
        NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN/06/00
        18:13:05 Error(11001): WSAHOST_NOT_FOUND
        (gethostbyname)(NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN)
        (DnsNameToIP)
        11/06/00 18:13:05 Connect(1): need secure dest
        NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN/06/00
        18:13:05 Connect(1): need secure dest
        NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN/06/00
        18:36:20 Debug: ============ Initialize RideWay PN Server (161) ============

    After  this  you'll  find  the  services  on the system are frozen
    untill the server is restarted.

    This problem was tested against Rideway PN v6.22 running on
    Win95/98/NT/2K.

Solution

    Vendor was notified twice, but has yet to respond.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH