Lucene search
K

defcom.imagecast.txt

🗓️ 09 Jan 2001 00:00:00Reported by Defcom LabsType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 34 Views

ImageCast has DoS vulnerabilities when handling malformed input, affecting Control Center operations.

Code
`======================================================================  
Defcom Labs Advisory def-2001-01  
  
ImageCast IC3 Control Center DoS  
  
Author: Peter Gründl <[email protected]>  
Release Date: 2001-01-08  
======================================================================  
------------------------=[Brief Description]=-------------------------  
ImageCast, a rapid-PC-deployment tool, much like Ghost, has problems  
handling malformed input. These problems can result in a DoS against  
the ImageCast Control Center.  
  
------------------------=[Affected Systems]=--------------------------  
- ImageCast V4.1.0  
  
----------------------=[Detailed Description]=------------------------  
Sending a string of approx. 50Kb to the ICCC service (TCP port 12002)  
results in the server consuming all available CPU and no longer  
accepting connections to that port.  
  
Sending multiple packets to port 8081 starting from size 14000 bytes  
(+carriage return & linefeed), results in a warning box being opened  
for each connection, and will eventually (after approx 326 packets)  
result in the OS killing ICCC.exe within a very short time.  
  
---------------------------=[Workaround]=-----------------------------  
None known. The vendor, Storagesoft Inc., can be contacted through  
their website at http://www.storagesoft.com/corporate/contact.asp.  
Please refer to the incident number ([Incident:main 001222-0002]),  
if you contact Storagesoft regarding this issue.  
  
-------------------------=[Vendor Response]=--------------------------  
This issue was brought to the vendor's attention on the 21st of  
December and assigned incident number [Incident:main 001222-0002].  
Three emails were exchanged and here is a snippet from the  
correspondance:  
  
"At 12/29/2000 02:16 PM we wrote - Peter, this is an issue that will  
be dealt with in a future version of Imagecast. The information you  
have provided has been forwarded to the product manager. It has been  
closed so it is no longer in the tech support database since it is  
an issue that can currently only be fixed through code changes in  
the program."  
  
Attempts to find out which version this would be, and when it would  
be released, resulted in this reply:  
  
"At 01/04/2001 03:30 PM we wrote - We currently do not have the data  
as to which version it will be done with. We will most likely be  
unable to provide that information until a the very least 1 to 2  
weeks before a release. We cannot release a product with out  
testing for specifics. At the very least we are trying to get more  
time to test before release dates."  
  
======================================================================  
This release was brought to you by Defcom Labs  
  
[email protected] www.defcom.com  
======================================================================  
  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation