This module exploits the vulnerabilities detailed in Core Security Technologies advisory CORE-2004-0802 to shut down the Network News Transfer Protocol (NNTP) service on IIS and Exchange servers. The bugs exploited are present in the parser and query translator for the XPAT command.
This module exploits a denial of service vulnerability that results because IIS 7.5 does not correctly handle an error condition when it receives a specially crafted FTP Telnet IAC packet.
This exploit forces the IIS process inetinfo.exe to throw an unhandled exception. IIS' behavior depends on the operating system version, its configuration and the system-wide debugger specified in the registry. By default, on IIS versions 5.0, 5.1 and 6 the server will automatically restart. However, if a JIT debugger is configured on the target system, a message box will pop up in the console and the server will not be restarted (and continues to process requests) until a user presses [OK]. On IIS version 7, by default the server will not restart. For this exploit to be successful, the FTP server must not be empty.
This module restarts the IIS server. This exploit forces the IIS process inetinfo.exe to throw an unhandled exception. IIS' behavior depends on the operating system version, its configuration and the system-wide debugger specified in the registry. By default under Windows 2000 Advanced Server 2000 the server will automatically restart. Under Windows 2000 Professional a message box will pop up in the console and the server will not be restarted until a user presses [OK].
This module restarts the IIS server. This exploit forces the IIS process inetinfo.exe to throw an unhandled exception. IIS' behavior depends on the operating system version, its configuration and the system-wide debugger specified in the registry. By default a message box will pop up in the console, and until a user closes it the server will not be restarted.
This module sends a series of UDP packets containing malformed IAX2 requests that will crash vulnerable listening IAX clients. If a broadcast IP address is specified, an entire subnetwork can be attacked in a single run.