Timbuktu multiple connections denial of service
| timbuktu-multiple-connections-dos (18172) |  Medium Risk |
Description:
Timbuktu is vulnerable to a denial of service attack. By sending specially-crafted data on multiple connections to the same TCP port at the same time, a remote attacker could over overflow a buffer and overwrite memory and cause a denial of service.
Consequences:
Denial of Service
Remedy:
Upgrade to the latest version of Timbuktu (7.0.4 or later), when it becomes available from the Netopia Web site. See References.
References:
- BugTraq Mailing List, Fri Nov 19 2004 - 11:50:49 CST: Corsaire Security Advisory - Netopia Timbuktu remote buffer overflow issue.
- Netopia Web site: Timbuktu Pro for Mac OS.
- NISCC Vulnerability Advisory 190204: Vulnerability Issue in the Timbuktu product for Mac OS X.
- BID-11714: Netopia Timbuktu Server For Apple Mac OSX Remote Buffer Overflow Vulnerability
- CVE-2004-0810: Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to cause a denial of service (server process crash) via a certain data string that is sent to multiple simultaneous client connections to TCP port 407.
- SA13250: Timbuktu Buffer Overflow Denial of Service Vulnerability
Platforms Affected:
- Netopia Timbuktu Pro prior to 7.0.4
Reported:
Nov 19, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net