Vulnerability Note VU#12345 Full Disclosure DoS vulnerability
Overview A vulnerability in the way the mailinglist 'Full disclosure' handles 'n3td3v' packets could result in a remotely exploitable denial of service. I. Description 'Full disclosure' does not properly handle trolling packets, which can render the service useless. Upon receiving a trolling message the system response with a huge number of disapproval-messages. The magnitude of these disapproval-messages will cause a client to stop listening to the service. II. Impact An attacker can render 'Full disclosure' useless. III. Solution Clients of 'Full disclosure' should drop trolling messages of 'n3td3v' or others instead of sending a response of disapproval. Vendor Status Date Updated Full-discluse Vulnerable 28-Apr-2008 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
