Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Security App Flaws :: csm.htm

CSM Proxy crash



Vulnerability

    CSM Proxy

Affected

    Win NT, Win 9x with CSM Proxy 1.4

Description

    Following info is based on S.A.F.E.R. Security Bulletin.  If users
    sends 1030 characters or more to the FTP port (21), CSM Proxy will
    crash, and raise CPU usage  to 100%. Restart of the  proxy (Win95)
    or reboot (NT) is needed in order to recover system functionality.

    CSM Proxy accepts connection, even accepts username/password,  and
    then checks if user is authorized (depending on source IP address)
    to  access  proxy  server  at   all.  This  allows  any  user   on
    Internet/Intranet to connect to port 21, send characters and crash
    the  CSM  Proxy  server  along  with  Windows  NT. If CSM Proxy is
    located behind a firewall, only Intranet users are a threat.

Solution

    CSM has  been notified  and it  is expected  that CSM will publish
    updated version soon.  Their pages are located at:

        http://www.csm-usa.com
        http://www.csm.co.at


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH