Denicomp REXECD/RSHD DoS

Vulnerability

    rexecd/rshd

Affected

    Denicomp REXECD/RSHD

Description

    The following is based on a Strumpf Noir Society advisory.
    Denicomp's REXECD and RSHD products are ports of their
    counterparts on Unix-based systems, allowing the use of the rcp,
    rsh and rexec commands on machines running MS Windows.

    A problem in the port-handling code of these products exposes
    the services they provide to a DoS attack.

    When a string of approximately 4300 bytes is sent to the listening
    port of the REXEC and/or RSH daemons (by default the standard
    ports 512 and 514), the affected service dies.

    A restart will be needed to regain full functionality.
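
    Added example, not taken from the advisory or from Denicomp's code:
    the advisory does not give the root cause, so this assumes only the
    standard rexec/rsh request layout, whose first field is the stderr
    port as ASCII digits ended by a NUL byte. The hypothetical
    parse_stderr_port() examines at most six bytes of whatever arrives,
    so an oversized string is rejected instead of being processed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum field_status { FIELD_OK = 0, FIELD_INCOMPLETE = -1, FIELD_REJECT = -2 };
#define MAX_PORT_DIGITS 5            /* "65535" is the longest valid port */

/*
 * Parse the first request field (assumed layout: decimal digits, then NUL;
 * an empty field means port 0). buf/len are the bytes received so far.
 * No more than MAX_PORT_DIGITS + 1 bytes are read, whatever len is.
 */
enum field_status parse_stderr_port(const unsigned char *buf, size_t len,
                                    unsigned *port, size_t *consumed)
{
    unsigned long value = 0;
    size_t i;

    for (i = 0; i < len && i <= MAX_PORT_DIGITS; i++) {
        if (buf[i] == '\0') {        /* terminator found within bounds */
            if (value > 65535)
                return FIELD_REJECT;
            *port = (unsigned)value;
            *consumed = i + 1;
            return FIELD_OK;
        }
        if (buf[i] < '0' || buf[i] > '9')
            return FIELD_REJECT;     /* non-digit: close the connection */
        value = value * 10 + (unsigned long)(buf[i] - '0');
    }
    /* Past the digit limit with no NUL is oversized; otherwise a short read. */
    return i > MAX_PORT_DIGITS ? FIELD_REJECT : FIELD_INCOMPLETE;
}

int main(void)
{
    static unsigned char big[4300];  /* constructed oversized input */
    unsigned port = 0;
    size_t used = 0;
    int st;

    memset(big, '1', sizeof big);
    st = (int)parse_stderr_port((const unsigned char *)"1023\0root", 9, &port, &used);
    printf("well-formed: status=%d port=%u\n", st, port);
    st = (int)parse_stderr_port(big, sizeof big, &port, &used);
    printf("oversized:   status=%d\n", st);
    return 0;
}
```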

    Vulnerable (tested):

        - Denicomp Winsock RSHD/NT v2.18.00 (Intel)
        - Denicomp Winsock RSHD/NT v2.17.07 (DEC Alpha)
        - Denicomp Winsock REXECD/NT v1.05.00 (Intel)
        - Denicomp Winsock REXECD/NT v1.04.08 (DEC Alpha)
        - Denicomp Winsock RSHD/95 v2.18.03
        - Denicomp Winsock REXECD/95 v1.00.02

    Earlier versions are expected to be vulnerable as well; users are
    encouraged to upgrade.

Solution

    The vendor has been notified and has verified this problem. New
    versions of these products will be released on the vendor's
    website shortly.