Title: ImageCast IC3 Control Center DoS
Released by: Defcom Labs
Date: 8th January 2001
======================================================================

                   Defcom Labs Advisory def-2001-01

                ImageCast IC3 Control Center DoS

Author: Peter Gründl
Release Date: 2001-01-08

======================================================================

------------------------=[Brief Description]=-------------------------

ImageCast, a rapid-PC-deployment tool, much like Ghost, has problems
handling malformed input. These problems can result in a DoS against
the ImageCast Control Center.

------------------------=[Affected Systems]=--------------------------

- ImageCast V4.1.0

----------------------=[Detailed Description]=------------------------

Sending a string of approx. 50Kb to the ICCC service (TCP port 12002)
results in the server consuming all available CPU and no longer
accepting connections to that port.

Sending multiple packets to port 8081, starting from a size of 14000
bytes (plus carriage return and linefeed), results in a warning box
being opened for each connection and will eventually (after approx.
326 packets) result in the OS killing ICCC.exe within a very short
time.
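
The two traffic patterns described above can be watched for in flow records. The following Python check is an added example, not part of the Defcom advisory or of Storagesoft's software. The CSV record format, the alert margins (40,000 bytes, 50 requests, 60-second window) and the sample addresses are assumptions; only the ports and the 14000-byte and approx. 50Kb / 326-packet figures come from the advisory.

```python
import csv
import io
from collections import deque

# Ports and sizes come from the advisory; the alerting margins are assumptions.
ICCC_PORT, ICCC_SUSPECT_BYTES = 12002, 40_000   # advisory: approx. 50Kb stalls the service
ALT_PORT, ALT_SUSPECT_BYTES = 8081, 14_000      # advisory: packets from 14000 bytes upward
ALT_SUSPECT_COUNT = 50    # assumed early warning, well below the ~326 reported
WINDOW_SECONDS = 60.0     # assumed sliding window


def parse_flows(text):
    """Parse CSV flow records: ts,src,dport,bytes_in (hypothetical export format)."""
    return [(float(r["ts"]), r["src"], int(r["dport"]), int(r["bytes_in"]))
            for r in csv.DictReader(io.StringIO(text))]


def detect(flows):
    """Return (ts, src, rule) alerts for the two patterns in the advisory."""
    alerts, recent = [], deque()
    for ts, src, dport, nbytes in sorted(flows):
        if dport == ICCC_PORT and nbytes >= ICCC_SUSPECT_BYTES:
            alerts.append((ts, src, "iccc-oversized-input"))
        elif dport == ALT_PORT and nbytes >= ALT_SUSPECT_BYTES:
            recent.append(ts)
            while ts - recent[0] > WINDOW_SECONDS:
                recent.popleft()          # drop requests older than the window
            if len(recent) >= ALT_SUSPECT_COUNT:
                alerts.append((ts, src, "8081-oversized-burst"))
                recent.clear()            # re-arm: next alert needs another full burst
    return alerts


def sample_flows():
    """Constructed sample data (documentation address ranges, not real traffic)."""
    lines = ["ts,src,dport,bytes_in",
             "0.0,192.0.2.10,12002,312",        # ordinary small request
             "1.5,192.0.2.11,8081,420",
             "2.0,198.51.100.7,12002,51200"]    # single oversized input
    lines += [f"{10 + i * 0.2:.1f},203.0.113.9,8081,14002" for i in range(60)]
    return "\n".join(lines)


if __name__ == "__main__":
    for alert in detect(parse_flows(sample_flows())):
        print(alert)
```

The 8081 counter is kept across all sources because the warning boxes accumulate on the server regardless of which client opened them.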



---------------------------=[Workaround]=-----------------------------

None known. The vendor, Storagesoft Inc., can be contacted through
their website at http://www.storagesoft.com/corporate/contact.asp.
Please refer to the incident number ([Incident:main 001222-0002])
if you contact Storagesoft regarding this issue.



-------------------------=[Vendor Response]=--------------------------

This issue was brought to the vendor's attention on the 21st of
December and assigned incident number [Incident:main 001222-0002].
Three emails were exchanged and here is a snippet from the
correspondence:

"At 12/29/2000 02:16 PM we wrote - Peter, this is an issue that will
be dealt with in a future version of Imagecast. The information you
have provided has been forwarded to the product manager. It has been
closed so it is no longer in the tech support database since it is
an issue that can currently only be fixed through code changes in
the program."

Attempts to find out which version this would be, and when it would
be released, resulted in this reply:

"At 01/04/2001 03:30 PM we wrote - We currently do not have the data
as to which version it will be done with.  We will most likely be
unable to provide that information until at the very least 1 to 2
weeks before a release.  We cannot release a product without
testing for specifics.  At the very least we are trying to get more
time to test before release dates."

======================================================================

             This release was brought to you by Defcom Labs

               labs@defcom.com             www.defcom.com

======================================================================







