Crashing CSM Proxy and NT
Reported July 16, 98 by S.A.F.E.R. on BugTraq

SYSTEMS AFFECTED
  • Windows NT and Windows 95
  • CSM Proxy Server 4.1

DESCRIPTION

CSM Proxy accepts connection, even accepts username/password, and then checks if user is authorized (depending on source IP address) to access proxy server at all. This allows any user on Internet/Intranet to connect to port 21, send characters and crash the CSM Proxy server along with Windows NT. If CSM Proxy is located behind a firewall, only Intranet users are a threat.

HOW IT WORKS

If users sends 1030 characters or more to the FTP port (21), CSM Proxy will crash, and raise CPU usage to 100%. Restart of the proxy (Win95) or reboot (NT) is needed in order to recover system functionality.

CSM"S RESPONSE

They have been notified -- stay tuned to their Web site for a patch.

To learn more about new NT security concerns, subscribe to NTSD.

Credit:
Reported by: S.A.F.E.R on BugTraq
Posted here at NTSecurity.Net July 16, 1998