COMMAND

    WorldClient Server

SYSTEMS AFFECTED

    WorldClient Server v2.0.0.0

PROBLEM

    UssrLabs found  a buffer  overflow in  WorldClient Server v2.0.0.0
    where they do not use  proper bounds checking.  The  following all
    result in  a Denial  of Service  against the  service in question.
    Affected services:

        WorldClient: Port 2000

    This two remotes services are  affected to overflow of you  send a
    large url name.  Like:

        http:/serverip/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

    For  the  Binary  /  Source  for  this WorldClient Server v2.0.0.0
    Denial of Service go to:

        http://www.ussrback.com/mdeam285/

    or

        http://oliver.efri.hr/~crv/security/bugs/Others/mdaemon3.html

SOLUTION

    A hotfix for WorldClient Pro is available here:

        http://www.worldclient.com/helpdesk/hotfix.cfm

    11/30/99 AltN will release full patches for this product.