RE: [Full-Disclosure] pc-anywhere (version 9.2) - telnet kills service
- To: <full-disclosure@lists.netsys.com>
- Subject: RE: [Full-Disclosure] pc-anywhere (version 9.2) - telnet kills service
- From: "Harris, Michael C." <HarrisMC@health.missouri.edu>
- Date: Tue, 11 Nov 2003 10:58:20 -0600
We found this out 3 years ago, when we started doing port scanning to identify
rogue servers. You can also cause this 'denial of service' by doing nmap or
nessus scans across machines running PCAnywhere. One scan to the default
control port 5631 is enough to keep the service from responding to further
legitimate connection attempts. A stop and restart of the host service solves
the problem but it does upset support staff when you do a scan on Friday and
they have to drive in over the weekend because they can't get into machines
running PCAW.
Here is a response from Symantec... from the way back machine:
http://securityresponse.symantec.com/avcenter/venc/data/pcanywhere.denial.of.service.html
Mike
-------------------------------------------------------------------
Michael C Harris
System Security Analyst - GSEC
University of Missouri Health Center
harrismc@health.missouri.edu KC0PAH
-------------------------------------------------------------------
-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com]On Behalf Of Thorsten Mayr
Sent: Tuesday, November 11, 2003 7:52 AM
To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] pc-anywhere (version 9.2) - telnet kills service
Doing a telnet on standard pc anywhere port 5631 onto a running pcanywhere
service (running on a w2k sp4)
leads to a kill of the service/daemon. Though (old known bug the service
doesn't appear to be not working looking it up on the services snap-in)
I haven't heard of that before... though I am aware that 9.2 is a rather old
version, but there are companies who won't buy new licences all day.....
All I found about it is
http://lists.insecure.org/lists/vuln-dev/2001/Aug/0019.html this one,
though I don't need 300 - 500 connections as described.
1 or 2 are enough.
Thought it might be of value for some...
(same happened on an nt 4.0 sp6a)
rgds
Thorsten
Thorsten Mayr
Kitcon GmbH
we do It :)