lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20031001111838.646.qmail@sf-www1-symnsj.securityfocus.com>
Date: 1 Oct 2003 11:18:38 -0000
From: Bahaa Naamneh <b_naamneh@...mail.com>
To: bugtraq@...urityfocus.com
Subject: Multiple vulnerabilities in WinShadow




Multiple vulnerabilities in WinShadow
-------------------------------------


Affected Systems: OmniCom WinShadow

version: 2.0 (and possibly earlier versions)

Vendor: OmniCom Technologies - http://www.omnicomtech.com

Issue: 1. Buffer overflow in client handling hostnames in host files
       2. DoS against server

Released: 27 September 2003


Introduction:
=============
"winshdow: Create a secure remote control session on the Internet or private WAN/LAN network allowing easy access to remote files and applications. Increase productivity by allowing secure remote access for mobile users and system administrators."

- Vendors Description
   [ http://www.omnicomtech.com ]


Details:
========
Multiple vulnerabilities has been identified in winShadow version 2.0, which allows malicious users to execute arbitrary code on the master client and remotely crash the server. 

Buffer Overflow:
----------------
winShadow saves hostnames in host files (*.osh), the process handing the hostname parameter read from the file will cause a buffer overflow if approximately 250 bytes are passed after this parameter.

Denial of Service:
------------------
By connecting to the server and issuing a long username or password, the server will crash, refusing any further connections until the server is closed by logging off or rebooting the system, this may be because it a service that runs with system privileges.


Vendor status:
==============
The vendor has been informed.


Exploit:
========
Can be downloaded from http://www.elitehaven.net/winshadow.zip
The exploit was written by Peter Winter-Smith.


Discovered by/Credit:
=====================
Bahaa Naamneh
b_naamneh@...mail.com
http://www.bsecurity.tk

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ