Lucene search
K

nt+exceed.DoS.txt

🗓️ 17 Aug 1999 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 26 Views

Exceed X emulator on Windows NT allows DoS attack via TCP port 6000 connection freeze.

Code
`Date: Tue, 27 Apr 1999 13:29:26 -0700  
From: "LaFournaise, Chris J." <[email protected]>  
To: [email protected]  
Subject: NT/Exceed D.O.S.  
  
This is regarding Hummingbird's Exceed X emulator v5 (and possibly v6)  
running on Windows NT. I haven't tested Win95/98.  
  
The Exceed X server allows inbound TCP connections on port 6000 from the XDM  
host. If someone uses telnet from the XDM host to connect to a PC running  
Exceed on port 6000 and enters any garbage text, the X server will hang and  
the Exceed session is frozen for good.  
  
I have notified Hummingbird via their tech support web site but have not  
received a response yet.  
  
Chris LaFournaise  
[email protected]  
  
----------------------------------------------------------------------------  
  
Date: Wed, 28 Apr 1999 23:34:26 +0100  
From: Steve <[email protected]>  
To: [email protected]  
Subject: Re: NT/Exceed D.O.S.  
  
> This is regarding Hummingbird's Exceed X emulator v5 (and possibly v6)  
> running on Windows NT. I haven't tested Win95/98.  
>  
> The Exceed X server allows inbound TCP connections on port 6000 from the XDM  
> host. If someone uses telnet from the XDM host to connect to a PC running  
> Exceed on port 6000 and enters any garbage text, the X server will hang and  
> the Exceed session is frozen for good.  
  
As far as I know, a variation of that bug has been present in all versions  
>from the early Exceed for MS-Dos onwards. I stumbled on it 5 years ago when  
I was a student, so I didn't know whether it was a configuration error or a  
bug.  
I don't think I managed to permanently freeze the connection then, but it  
was certainly possible to freeze it for as long as you left the telnet  
connection to port 6000 open. If I remember correctly, it didn't use to  
be just the XDM host that could make the connection, you could freeze Exceed  
>from any host. I guess that would depend on the setting of the 'Host Access  
Control List' field.  
  
For the record, I've just tested Exceed v6 under Windows 98 and it still has  
the same effect. I also tested setting Exceed to only allow a given machine  
to connect, and I can still freeze it by telnetting from another machine  
in another subnet...  
I didn't manage to freeze it beyond the telnet session to port 6000 though.  
  
Steve.  
  
----------------------------------------------------------------------------  
  
Date: Thu, 29 Apr 1999 09:23:11 -0600  
From: Max Norris <[email protected]>  
To: [email protected]  
Subject: Re: NT/Exceed D.O.S.  
  
I wasn't able to duplicate a mini-DOS running eXceed 6.0.2.0 on NT 4.0 SP4.  
  
Steps:  
On NT machine, opened xterm session  
Went to box that I just opened the session with, type in TELNET <my_ip_addr> 6000  
The eXceed program hung for about 2 minutes as the host tried to connect to it, but everything else still worked in NT.  
After attempting to connect, it will say it is connected for about 2 seconds and then states "Connection closed by foreign  
host".  
After that the eXceed session resumed and I was able to close out gracefully.  
  
Max Norris  
[email protected]  
  
>>> "LaFournaise, Chris J." <[email protected]> 04/27 2:29 PM >>>  
This is regarding Hummingbird's Exceed X emulator v5 (and possibly v6)  
running on Windows NT. I haven't tested Win95/98.  
  
The Exceed X server allows inbound TCP connections on port 6000 from the XDM  
host. If someone uses telnet from the XDM host to connect to a PC running  
Exceed on port 6000 and enters any garbage text, the X server will hang and  
the Exceed session is frozen for good.  
  
I have notified Hummingbird via their tech support web site but have not  
received a response yet.  
  
Chris LaFournaise  
[email protected]  
  
----------------------------------------------------------------------------  
  
Date: Wed, 28 Apr 1999 17:39:00 -0700  
From: Ian Westcott <[email protected]>  
To: [email protected]  
Subject: Re: NT/Exceed D.O.S.  
  
On Tue, Apr 27, 1999 at 01:29:26PM -0700, LaFournaise, Chris J. wrote:  
> This is regarding Hummingbird's Exceed X emulator v5 (and possibly v6)  
> running on Windows NT. I haven't tested Win95/98.  
>  
> The Exceed X server allows inbound TCP connections on port 6000 from the XDM  
> host. If someone uses telnet from the XDM host to connect to a PC running  
> Exceed on port 6000 and enters any garbage text, the X server will hang and  
> the Exceed session is frozen for good.  
  
I just tested Exceed v6.0 under Win95, and it is vulnerable.  
--  
  
Ian Westcott | Fly away to a Rainbow in the sky.  
[email protected] | Gold is at the end for each of us to find.  
-==(UDIC)==- | There the road begins where another one will end.  
Rakarra@FurryMUCK, IRC | Here the four winds know,  
Dragon Code: DC.D f+ | Who will break and who will bend.  
s- h- Cgold>Red a $ | All to be the Master of the Wind.  
  
----------------------------------------------------------------------------  
  
Date: Wed, 28 Apr 1999 13:57:51 -0700  
From: Matt Wilbur <[email protected]>  
To: [email protected]  
Subject: Re: NT/Exceed D.O.S.  
  
Exceed (an X server, not an X emulator) version 6.0.1.0 on NT appears to  
have fixed this problem, somewhat...  
  
Telnetting to port 6000 locks the server up for 20-30 seconds, but it  
recovers eventually. Not surprisingly, using netcat has the same effect...  
although, contrary to Chris's findings with Exceed 5, I didn't need to send  
any garbage characters, the connection alone did the job. Also, it works  
>from any host, not just the one the xdm session had been initiated with,  
regardless of host access settings in Xconfig, Exceeds "configuration" tool.  
  
  
I'd still consider this DoS-bait, when you imagine a one-liner to  
continuously connect to port 6000 of your favorite Exceed user's machine.  
  
Matt Wilbur  
  
[snip]  
>  
> This is regarding Hummingbird's Exceed X emulator v5 (and possibly v6)  
> running on Windows NT. I haven't tested Win95/98.  
>  
> The Exceed X server allows inbound TCP connections on port  
> 6000 from the XDM> host. If someone uses telnet from the XDM host to  
connect to  
> a PC running Exceed on port 6000 and enters any garbage text, the X server  
  
> will hang and the Exceed session is frozen for good.  
>  
> I have notified Hummingbird via their tech support web site  
> but have not received a response yet.  
>  
> Chris LaFournaise  
> [email protected]  
>  
  
----------------------------------------------------------------------------  
  
Date: Thu, 29 Apr 1999 11:54:14 -0700  
From: Jamie Lawrence <[email protected]>  
To: [email protected]  
Subject: Re: NT/Exceed D.O.S.  
  
I couldn't reproduce either effect with Exceed 6.1 under NTsp3.  
Everything behaved normally, both for new and existing sessions.  
  
-j  
  
----------------------------------------------------------------------------  
  
Date: Fri, 30 Apr 1999 16:20:21 -0400  
From: Andrew Pitman <[email protected]>  
To: [email protected]  
Subject: Re: NT/Exceed D.O.S.  
  
Jamie,  
  
Ditto for 6.1 on Win95. Appears to be fixed in 6.1, among other bugs,  
including an incompatibility with DEC Windows that was causing problems at  
my shop.  
  
Andrew  
--  
"The wonderful thing about standards is that there are so  
many to choose from."  
(Andrew S. Tanenbaum)  
+-----------------------------+---------------------------------+  
| Andrew Pitman | Management Information Systems, |  
| Unix System Administrator/ | Technology Operations Support |  
| Webmaster | at Rowan University |  
+-----------------------------+---------------------------------+  
  
----------------------------------------------------------------------------  
  
Date: Sat, 1 May 1999 19:26:34 -0500  
From: David Poythress <[email protected]>  
To: [email protected]  
Subject: Re: NT/Exceed D.O.S.  
  
This seems to have been fixed at some point, connecting and/or spewing  
random data to exceedhost 6000-6010 has no discenrible effect on exceed  
6.1.0 under win98 or NTsp4.  
  
A denial of service is still possible though: Exceed defaults to allowing  
128 connections from the xdm host, but counts a telnet connection as though  
it were a connection from a valid X client. Once the max number of  
connections is reached, subsequent attempts to the X port range are refused.  
  
--  
David Poythress [email protected]  
  
"Grammar, which controls even kings ..." --Moliere  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4
26