Reported October 1, 2003 by Bahaa Naamneh.

VERSIONS AFFECTED

OmniCom Technologies' winShadow 2.0

DESCRIPTION

winShadow 2.0 contains multiple vulnerabilities, the most serious of which can permit an attacker to execute arbitrary code on the master client and remotely crash the server. According to the discoverer, the code that handles the hostname parameter, which is read from the host files (*.osh), overflows a buffer when approximately 250 bytes of data follow this parameter. In addition, a malicious user who connects to the server and supplies a long username or password can cause the server to crash and refuse any further connections until it is closed down through logoff or reboot.

VENDOR RESPONSE

OmniCom Technologies (http://www.omnicomtech.com/) has been notified.

CREDIT

Discovered by Bahaa Naamneh.