Cassandra NNTPServer Subject to DoS
Reported May 1, 2000 by
USSRLabs
VERSIONS AFFECTED
  • NNTPServer Version v1.10

DESCRIPTION

The NNTP service, which listens on port 119, contains an unchecked buffer that could allow an attacker to crash the service.

DEMONSTRATION

Sending a large buffer of approximately 10,000 characters in conjunction with the AUTHINFO command can crash the NNTP service (on port 119).

AUTHINFO user [ 10000 chars ]
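
For contrast with the unchecked buffer described above, here is one way a server can bound the AUTHINFO argument before copying it. This is an added example, not code from the vendor or from the original advisory. The function name, the USER_MAX policy value and the sample input are assumptions; the 512-character command line limit is the one given in RFC 977.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NNTP_MAX_LINE 512  /* RFC 977: command line limit, CRLF included */
#define USER_MAX 64        /* assumed local policy, not from the advisory */

/* Validate one received line and return the NNTP reply code to send:
 * 381 = user accepted, send password; 500 = not AUTHINFO USER;
 * 501 = syntax error (over-long, unterminated, or bad user name). */
int handle_authinfo_user(const char *line, size_t len, char *user, size_t cap)
{
    static const char cmd[] = "AUTHINFO USER ";
    const size_t cmdlen = sizeof cmd - 1;
    size_t i, ulen;

    if (cap == 0)
        return 501;
    user[0] = '\0';
    /* Length is checked before anything is copied. */
    if (len < 2 || len > NNTP_MAX_LINE)
        return 501;
    if (line[len - 2] != '\r' || line[len - 1] != '\n')
        return 501;
    len -= 2;
    if (len <= cmdlen)
        return 500;
    for (i = 0; i < cmdlen; i++)  /* keywords are case-insensitive */
        if (toupper((unsigned char)line[i]) != cmd[i])
            return 500;
    ulen = len - cmdlen;
    if (ulen > USER_MAX || ulen >= cap)
        return 501;
    for (i = 0; i < ulen; i++)    /* printable, non-space bytes only */
        if (!isgraph((unsigned char)line[cmdlen + i]))
            return 501;
    memcpy(user, line + cmdlen, ulen);
    user[ulen] = '\0';
    return 381;
}

int main(void)
{
    char user[USER_MAX + 1];
    const char ok[] = "AUTHINFO user alice\r\n";  /* constructed sample */
    printf("%d\n", handle_authinfo_user(ok, sizeof ok - 1, user, sizeof user));
    return 0;
}
```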

VENDOR RESPONSE

Atrium Software International is aware of this issue; however, no response was known at the time of this writing.

CREDITS
Discovered and reported by
USSRLabs