COMMAND

    Netscape

SYSTEMS AFFECTED

    Netscape Collabra Server V3.54 for Windows NT

PROBLEM

    The following is based on Defcom Labs Advisory def-2001-08 by
    Peter Grundl.  Malicious packets sent to the Netscape Collabra
    Server can cause it to consume all available memory and CPU.

    The Collabra server listens on the following TCP ports by
    default:  119, 5238, 5239 and 20749.  Sending approx. 5kb of A's
    to TCP port 5238 and then terminating the connection causes two
    handles and approx. 4-5kb of kernel memory to be allocated per
    connection.  The resources are never freed, so the attack can
    proceed very slowly and will eventually consume all available
    memory.

    By sending a null character  followed by seven or more  characters
    to TCP port  5239, you will  cause the process  srchs.exe to spike
    at 100% CPU usage.

SOLUTION

    Filter TCP ports 5238 and 5239 from untrusted networks, and
    contact Netscape Support if you need further assistance.
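
    Until the ports are filtered, connection records can be screened
    for the two patterns described above.  The following is an added
    example, not part of the Defcom advisory; the record fields, the
    trusted network range, the 4096-byte threshold and the sample
    records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

TRUSTED = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: networks allowed to reach 5238/5239
MIN_FLOOD_BYTES = 4096  # assumption: lower bound for "approx. 5kb"

def is_trusted(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED)

def classify(rec):
    """Label one connection record with the advisory pattern it matches, or None."""
    port, data = rec["dport"], rec["payload"]
    # Port 5239: a null character followed by seven or more characters.
    if port == 5239 and len(data) >= 8 and data[0] == 0:
        return "srchs-cpu"
    # Port 5238: a large run of one repeated byte, then the client disconnects.
    if (port == 5238 and rec["client_closed"]
            and len(data) >= MIN_FLOOD_BYTES and len(set(data)) == 1):
        return "handle-leak"
    return None

def summarize(records):
    """Count matches per source and estimate the leak using the advisory's figures."""
    hits = Counter()
    for rec in records:
        label = classify(rec)
        if label:
            hits[(rec["src"], label)] += 1
    report = []
    for (src, label), n in sorted(hits.items()):
        row = {"src": src, "finding": label, "connections": n,
               "untrusted": not is_trusted(src)}
        if label == "handle-leak":
            row["est_handles"] = 2 * n              # two handles per connection
            row["est_kernel_kb"] = (4 * n, 5 * n)   # approx. 4-5kb per connection
        report.append(row)
    return report

# Constructed sample records (not captured traffic).
SAMPLE = [{"src": "203.0.113.7", "dport": 5238, "payload": b"A" * 5120, "client_closed": True}] * 3 + [
    {"src": "203.0.113.7", "dport": 5239, "payload": b"\x00" + b"abcdefg", "client_closed": False},
    {"src": "10.1.2.3", "dport": 5239, "payload": b"\x00abc", "client_closed": False},
    {"src": "198.51.100.9", "dport": 119, "payload": b"MODE READER\r\n", "client_closed": True},
]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

    Any row with "untrusted" set also shows that the port filter is
    missing or not effective for that source.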

    The vendor was contacted on January 4th, 2001 and then again four
    times via phone and email.  There is still no indication that the
    vendor intends to fix this problem.