COMMAND

    ImageCast IC3 Control Center

SYSTEMS AFFECTED

    ImageCast IC3 Control Center 4.1.0

PROBLEM

    Following is based on a Defcom Labs Advisory def-2001-01 by  Peter
    Grundl.  ImageCast, a  rapid-PC-deployment tool, much like  Ghost,
    has problems handling malformed input.  These problems can  result
    in a DoS against the ImageCast Control Center.

    Sending a  string of  approx. 50Kb  to the  ICCC service (TCP port
    12002) results in  the server consuming  all available CPU  and no
    longer accepting connections to that port.

    Sending multiple  packets to  port 8081  starting from  size 14000
    bytes  (+carriage  return  &  linefeed),  results in a warning box
    being  opened  for  each  connection,  and  will eventually (after
    approx 326  packets) result  in the  OS killing  ICCC.exe within a
    very short time.

SOLUTION

    This issue was  brought to the  vendor's attention on  the 21st of
    December and assigned incident number [Incident:main 001222-0002].
    This is an issue  that will be dealt  with in a future  version of
    Imagecast.