Vulnerability

    CSM Proxy

Affected

    Win NT, Win 9x with CSM Proxy 1.4

Description

    The following information is based on a S.A.F.E.R. Security Bulletin. If a user sends 1030 characters or more to the FTP port (21), CSM Proxy will crash and raise CPU usage to 100%. A restart of the proxy (Win95) or a reboot (NT) is needed in order to recover system functionality.

    CSM Proxy accepts the connection, even accepts a username/password, and then checks whether the user is authorized (depending on source IP address) to access the proxy server at all. This allows any user on the Internet/Intranet to connect to port 21, send characters and crash the CSM Proxy server along with Windows NT. If CSM Proxy is located behind a firewall, only Intranet users are a threat.

Solution

    CSM has been notified and is expected to publish an updated version soon. Their pages are located at:

    http://www.csm-usa.com
    http://www.csm.co.at
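The two weaknesses in the description (input read before the source-address check, and no bound on the length of a control-channel line) are the two things a control-channel handler has to get right. The sketch below is an added example, not CSM's code or fix: it checks the source address before reading anything and refuses to buffer an oversized line. The allowlist range, the 512-byte cap and all function names are assumptions made for the illustration.

```python
import ipaddress

# Assumed for this sketch, not taken from the advisory:
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed allowlist
MAX_LINE = 512  # example cap, below the 1030 characters cited above


class LineTooLong(Exception):
    pass


def source_allowed(peer_ip):
    """Source-address authorization, evaluated before any client input."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in ALLOWED_NETS)


def read_command(stream, max_line=MAX_LINE):
    """Read one LF-terminated line, holding at most max_line bytes.

    Returns the line without CR/LF, or None on end of stream.
    Raises LineTooLong instead of buffering an oversized line."""
    buf = bytearray()
    while True:
        byte = stream.read(1)
        if not byte:
            return None
        if byte == b"\n":
            return bytes(buf).rstrip(b"\r")
        if len(buf) >= max_line:
            raise LineTooLong()
        buf += byte


def handle_connection(peer_ip, stream):
    """Return the replies a control-channel handler would send."""
    if not source_allowed(peer_ip):
        return ["421 Service not available"]  # refused before USER/PASS
    replies = ["220 Ready"]
    try:
        while (line := read_command(stream)) is not None:
            if line.upper().startswith(b"QUIT"):
                replies.append("221 Goodbye")
                break
            replies.append("200 OK")  # stand-in for real command handling
    except LineTooLong:
        replies.append("500 Command line too long")  # then close the session
    return replies
```

With this ordering an unauthorized address never gets as far as the command parser, and an authorized client that sends an over-length line costs the server at most MAX_LINE bytes of buffer before the session is ended.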