Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Security App Flaws :: csm.htm

CSM Proxy crash

    CSM Proxy


    Win NT, Win 9x with CSM Proxy 1.4


    Following info is based on S.A.F.E.R. Security Bulletin.  If users
    sends 1030 characters or more to the FTP port (21), CSM Proxy will
    crash, and raise CPU usage  to 100%. Restart of the  proxy (Win95)
    or reboot (NT) is needed in order to recover system functionality.

    CSM Proxy accepts connection, even accepts username/password,  and
    then checks if user is authorized (depending on source IP address)
    to  access  proxy  server  at   all.  This  allows  any  user   on
    Internet/Intranet to connect to port 21, send characters and crash
    the  CSM  Proxy  server  along  with  Windows  NT. If CSM Proxy is
    located behind a firewall, only Intranet users are a threat.


    CSM has  been notified  and it  is expected  that CSM will publish
    updated version soon.  Their pages are located at:

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH