lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: HarrisMC at health.missouri.edu (Harris, Michael C.)
Subject: pc-anywhere (version 9.2) - telnet kills service

We found this out 3 years ago, when we started doing port scanning to identify rogue servers.  You can also cause this 'denial of service' by doing nmap or nessus scans across machines running PCAnywhere.  One scan to the default control port 5631 is enough to keep the service from responding to further legitimate connection attempts.  A stop and restart of the host service solves the problem but it does upset support staff when you do a scan on Friday and they have to drive in over the weekend because they can't get into machines running PCAW. 

here is a response from Symantec... from the way back machine  

http://securityresponse.symantec.com/avcenter/venc/data/pcanywhere.denial.of.service.html

Mike
------------------------------------------------------------------- 
Michael C Harris 
System Security Analyst - GSEC 
University of Missouri Health Center 
harrismc@...lth.missouri.edu  KC0PAH 
------------------------------------------------------------------- 

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Thorsten Mayr
Sent: Tuesday, November 11, 2003 7:52 AM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] pc-anywhere (version 9.2) - telnet kills service


doing a telnet on standard pc anywhere port 5631 onto a running pcanywhere service (running on a w2k sp4),
lead to a kill of  the service/deamon. Though (old known bug the service doesn?t appear to be not working looking him up on the services snapin)
I haven?t heard of that before... though I am aware that 9.2 is a rather old version, but there are companys who won?t buy new licences all day.....
all I found about is http://lists.insecure.org/lists/vuln-dev/2001/Aug/0019.html this one
though I don?t need as described 300 - 500 conenctions.
1 or 2 are enough.

thought it might of value for some...
(same happened on a nt 4.0 sp6a)

rgds
Thorsten

Thorsten Mayr
Kitcon GmbH 
we do It :)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ