A local denial-of-service (DoS) vulnerability has been discovered in the NetScan Basic Edition 2.5 freeware. It leaves the tool open to “overflooding” of arbitrary requests via an access channel, and those requests may prevent its intended use or crash the system altogether. NetScan is used by many professionals, from computer scientists and engineers to law enforcement and cyber security experts, and it combines a wide variety of tools into one convenient package. Fortunately, only the Basic freeware version of the package has been found to be vulnerable to the DoS. This version is used as a DNS tool for “IP/hostname resolution and computer DNS information, ping, graphical ping, ping scanner, traceroute, and the tool Whois.” The vulnerability is considered lower risk because it is locally exploitable. No CVE has been assigned to the vulnerability yet.