[<prev] [next>] [day] [month] [year] [list]
From: tmayr at kitcon.net (Thorsten Mayr)
Subject: AW: pc-anywhere (version 9.2) - telnet kills service
Thanks for information,
Looks like I was too blind finding symantecs response on that..
I know how upsetting it is - as we got some new clients using symantec's pc anywhere 9.2....
Got a lot of work to get these guys kind of up to date...
Topic closed ;)
Thorsten
> -----Urspr?ngliche Nachricht-----
> Von: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] Im Auftrag
> von Harris, Michael C.
> Gesendet: Dienstag, 11. November 2003 17:58
> An: full-disclosure@...ts.netsys.com
> Betreff: RE: [Full-Disclosure] pc-anywhere (version 9.2) -
> telnet kills service
>
>
> We found this out 3 years ago, when we started doing port
> scanning to identify rogue servers. You can also cause this
> 'denial of service' by doing nmap or nessus scans across
> machines running PCAnywhere. One scan to the default control
> port 5631 is enough to keep the service from responding to
> further legitimate connection attempts. A stop and restart
> of the host service solves the problem but it does upset
> support staff when you do a scan on Friday and they have to
> drive in over the weekend because they can't get into
> machines running PCAW.
>
> here is a response from Symantec... from the way back machine
>
http://securityresponse.symantec.com/avcenter/venc/data/pcanywhere.denial.of.service.html
Mike
-------------------------------------------------------------------
Michael C Harris
System Security Analyst - GSEC
University of Missouri Health Center
harrismc@...lth.missouri.edu KC0PAH
-------------------------------------------------------------------
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Thorsten Mayr
Sent: Tuesday, November 11, 2003 7:52 AM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] pc-anywhere (version 9.2) - telnet kills service
doing a telnet on standard pc anywhere port 5631 onto a running pcanywhere service (running on a w2k sp4), lead to a kill of the service/deamon. Though (old known bug the service doesn?t appear to be not working looking him up on the services snapin) I haven?t heard of that before... though I am aware that 9.2 is a rather old version, but there are companys who won?t buy new licences all day..... all I found about is http://lists.insecure.org/lists/vuln-dev/2001/Aug/0019.html this one though I don?t need as described 300 - 500 conenctions. 1 or 2 are enough.
thought it might of value for some...
(same happened on a nt 4.0 sp6a)
rgds
Thorsten
Thorsten Mayr
Kitcon GmbH
we do It :)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists