[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : DoS in BrowseGate(Home) v2.80(H)

Title: DoS in BrowseGate(Home) v2.80(H)
Released by: Delphis Consulting Plc
Date: 18th September 2000
Printable version: Click here 
============================================================================

    Delphis Consulting Plc

============================================================================



   Security Team Advisories

       [18/09/2000]



    securityteam@delphisplc.com

  [http://www.delphisplc.com/thinking/whitepapers/]



============================================================================

Adv     :       DST2K0031

Title   :       DoS in BrowseGate(Home) v2.80(H)

Author  :       DCIST (securityteam@delphisplc.com)

O/S     :       Microsoft Windows Nt 2000 Professional (SP1)

Product :       BrowseGate(Home) v2.80(H)

Date    :       18/09/2000



I.    Description



II.   Solution



III.  Disclaimer





============================================================================



I. Description

============================================================================



Vendor URL: http://www.netcplus.com/



Delphis Consulting Internet Security Team (DCIST) discovered the following

vulnerability in Browsegate under Windows NT.



Severity: medium



It is possible to cause Browsegate to crash with an invalid read error.

This is done by connecting to port 80 upon which the HTTP proxy listens

on and sending the following.



GET / HTTP/1.0

Authorization: Basic(A x 8k)

From: dcist@delphisplc.com

If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT

Referer: http://www.delphisplc.com/(A x 8k)

UserAgent: DCIST Browser 1.1





This will cause an error brwgate.exe to crash with it's own error handler

twice complaining that memory can not be written or read.



II. Solution

============================================================================



Vendor Status: Informed



Delphis have worked with NetCPlus to resolve the above issue and are happy

to

announce that a patch is availible from their web site:



Site: http://www.netcplus.com

Version: v2.80.001



Delphis would like to take this oppertunity to thank Ian Turner and the

developers at Netcplus at the speed they responded.



III. Disclaimer

============================================================================

THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT

THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS OR

IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS.  NEITHER THE AUTHOR NOR THE

PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR

CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR RELIANCE

PLACED ON, THIS INFORMATION FOR ANY PURPOSE.

============================================================================






(C) 1999-2000 All rights reserved.