AOH :: HP Unsorted N :: B1A-1640.HTM

NetWordDLS Finger Server DoS



- NetWordDLS Finger Server Denial of Service
- NetWordDLS Finger Server Denial of Service



[DCA-0009 - NetWordDLS Finger Server Denial of Service]

[Software]
- NetWordDLS Finger Server

[Vendor Product Description]
- A windows server application that reports back to users the machine
name and the current logged on user

[Bug Description]
- Server does not validate the input size leading to a Denial Of
Service flaw while sending more than 4095 characters to it.

[History]
- Advisory sent to vendor on 06/20/2010.
- No vendor response
- Advisory publised on 08/01/2010

[Impact]
- Low

[Affected Version]
- Finger Server 1.0
- Prior versions may also be vulnerable

[Vendor Reply]


[Codes]



----------------------------------------------------------------------------------------

[Credits]
Ewerson Guimaraes (Crash)
Pentester/Researcher
DcLabs Security Team
www.dclabs.com.br 

[Greetz]
ipax and all DcLabs members.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.