COMMAND

    Electocomm

SYSTEMS AFFECTED

    Electrocomm 2 and prior

PROBLEM

    nemesystm of the DHC found  following.  ElectroComm allows you  to
    connect to  a comm  port on  a computer  over a  network using any
    Telnet  client.   The  program  can  fall  victim  to  a denial of
    service.

    Electrocomm 2.0 has been tested to be vulnerable.  Prior versions
    are assumed to be vulnerable as well.

    Sending two  bursts of  characters with  a length  of about 160000
    each to port 23 will peg CPU to 100% and then crash with:

        Run-time error '381':  Invalid array index.

    There is a perl script that exploits this.  It is in the  advisory
    that is available on the DHC site:

        http://www.emc2k.com/dhcorp/homebrew/electro.zip

SOLUTION

    None known at the moment.