In association with heise online

25 July 2007, 10:37

DoS vulnerability in Teamspeak server

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A vulnerability in the TeamspeakVoIP software package might be exploited by attackers to knock out the server. On the Milw0rm exploit portal, a demo has been released to demonstrate the hole. Specific HTTP requests containing excess length user names and passwords cause a very high CPU load on the inbuilt web server. As a consequence, the server is either slowed down considerably or ceases to respond. Authentication is not required to execute such attack.

The flaw has been detected in version 2.0.x for Windows, and it is probable that prior versions are also vulnerable. An updated server that is free of the bug is now available to download, but restricting access to TCP port 14534 over which the web admin interface communicates can also serve as an interim workaround.

See also:

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-733320
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit