def-2001-08: Netscape Collabra DoS

[Peter Gründl <peter.grundl () DEFCOM COM>]

======================================================================
                  Defcom Labs Advisory def-2001-08

          Netscape Collabra DoS

Author: Peter Gründl <peter.grundl () defcom com>
Release Date: 2001-02-26
======================================================================
------------------------=[Brief Description]=-------------------------
By sending malicious packets to the Netscape Collabra Server, it can
be brought to consume all available memory and CPU.

------------------------=[Affected Systems]=--------------------------
- Netscape Collabra Server V3.54 for Windows NT

----------------------=[Detailed Description]=------------------------
The collabra server listens on the following TCP ports per default:
119, 5238, 5239 and 20749.

By sending approx. 5kb of A's to TCP port 5238 and then terminating
the connection, you will cause two handles to be be allocated and
approx. 4-5kb kernel memory per connection. The ressources are not
freed again, so the attack can take place very slowly and eventually
it will consume all available memory.

By sending a null character followed by seven or more characters to
TCP port 5239, you will cause the process srchs.exe to spike at 100%
CPU usage.

---------------------------=[Workaround]=-----------------------------
Filter TCP ports 5238 and 5239 from untrusted networks, and contact
Netscape Support, if you need further assistance.

-------------------------=[Vendor Response]=--------------------------
The Vendor was contacted January 4th, 2001 and then again four times
via phone and email. There is still no indication that the vendor
intends to fix this problem.

======================================================================
            This release was brought to you by Defcom Labs

              labs () defcom com             www.defcom.com
======================================================================