lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: tmayr at kitcon.net (Thorsten Mayr)
Subject: AW: pc-anywhere (version 9.2) - telnet kills service

Thanks for information,
Looks like I was too blind finding symantecs response on that..
I know how upsetting it is - as we got some new clients using symantec's pc anywhere 9.2....
Got a lot of work to get these guys kind of up to date...

Topic closed ;)

Thorsten

> -----Urspr?ngliche Nachricht-----
> Von: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] Im Auftrag 
> von Harris, Michael C.
> Gesendet: Dienstag, 11. November 2003 17:58
> An: full-disclosure@...ts.netsys.com
> Betreff: RE: [Full-Disclosure] pc-anywhere (version 9.2) - 
> telnet kills service
> 
> 
> We found this out 3 years ago, when we started doing port 
> scanning to identify rogue servers.  You can also cause this 
> 'denial of service' by doing nmap or nessus scans across 
> machines running PCAnywhere.  One scan to the default control 
> port 5631 is enough to keep the service from responding to 
> further legitimate connection attempts.  A stop and restart 
> of the host service solves the problem but it does upset 
> support staff when you do a scan on Friday and they have to 
> drive in over the weekend because they can't get into 
> machines running PCAW. 
> 
> here is a response from Symantec... from the way back machine  
> 
http://securityresponse.symantec.com/avcenter/venc/data/pcanywhere.denial.of.service.html

Mike
------------------------------------------------------------------- 
Michael C Harris 
System Security Analyst - GSEC 
University of Missouri Health Center 
harrismc@...lth.missouri.edu  KC0PAH 
------------------------------------------------------------------- 

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Thorsten Mayr
Sent: Tuesday, November 11, 2003 7:52 AM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] pc-anywhere (version 9.2) - telnet kills service


doing a telnet on standard pc anywhere port 5631 onto a running pcanywhere service (running on a w2k sp4), lead to a kill of  the service/deamon. Though (old known bug the service doesn?t appear to be not working looking him up on the services snapin) I haven?t heard of that before... though I am aware that 9.2 is a rather old version, but there are companys who won?t buy new licences all day..... all I found about is http://lists.insecure.org/lists/vuln-dev/2001/Aug/0019.html this one though I don?t need as described 300 - 500 conenctions. 1 or 2 are enough.

thought it might of value for some...
(same happened on a nt 4.0 sp6a)

rgds
Thorsten

Thorsten Mayr
Kitcon GmbH 
we do It :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists