[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [Full-Disclosure] pc-anywhere (version 9.2) - telnet kills service

To: <full-disclosure@lists.netsys.com>
Subject: AW: [Full-Disclosure] pc-anywhere (version 9.2) - telnet kills service
From: "Thorsten Mayr" <tmayr@kitcon.net>
Date: Tue, 11 Nov 2003 19:00:38 +0100

Thanks for information,
Looks like I was too blind finding symantecs response on that..
I know how upsetting it is - as we got some new clients using symantec's pc 
anywhere 9.2....
Got a lot of work to get these guys kind of up to date...

Topic closed ;)

Thorsten

> -----Ursprüngliche Nachricht-----
> Von: full-disclosure-admin@lists.netsys.com 
> [mailto:full-disclosure-admin@lists.netsys.com] Im Auftrag 
> von Harris, Michael C.
> Gesendet: Dienstag, 11. November 2003 17:58
> An: full-disclosure@lists.netsys.com
> Betreff: RE: [Full-Disclosure] pc-anywhere (version 9.2) - 
> telnet kills service
> 
> 
> We found this out 3 years ago, when we started doing port 
> scanning to identify rogue servers.  You can also cause this 
> 'denial of service' by doing nmap or nessus scans across 
> machines running PCAnywhere.  One scan to the default control 
> port 5631 is enough to keep the service from responding to 
> further legitimate connection attempts.  A stop and restart 
> of the host service solves the problem but it does upset 
> support staff when you do a scan on Friday and they have to 
> drive in over the weekend because they can't get into 
> machines running PCAW. 
> 
> here is a response from Symantec... from the way back machine  
> 
http://securityresponse.symantec.com/avcenter/venc/data/pcanywhere.denial.of.service.html

Mike
------------------------------------------------------------------- 
Michael C Harris 
System Security Analyst - GSEC 
University of Missouri Health Center 
harrismc@health.missouri.edu  KC0PAH 
------------------------------------------------------------------- 

-----Original Message-----
From: full-disclosure-admin@lists.netsys.com 
[mailto:full-disclosure-admin@lists.netsys.com]On Behalf Of Thorsten Mayr
Sent: Tuesday, November 11, 2003 7:52 AM
To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] pc-anywhere (version 9.2) - telnet kills service


doing a telnet on standard pc anywhere port 5631 onto a running pcanywhere 
service (running on a w2k sp4), lead to a kill of  the service/deamon. Though 
(old known bug the service doesn´t appear to be not working looking him up on 
the services snapin) I haven´t heard of that before... though I am aware that 
9.2 is a rather old version, but there are companys who won´t buy new licences 
all day..... all I found about is 
http://lists.insecure.org/lists/vuln-dev/2001/Aug/0019.html this one though I 
don´t need as described 300 - 500 conenctions. 1 or 2 are enough.

thought it might of value for some...
(same happened on a nt 4.0 sp6a)

rgds
Thorsten

Thorsten Mayr
Kitcon GmbH 
we do It :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] EEYE: Windows Workstation Service Remote Buffer Overflow
Next by Date: [Full-Disclosure] [OpenPKG-SA-2003.048] OpenPKG Security Advisory (postgresql)
Previous by thread: [Full-Disclosure] EEYE: Windows Workstation Service Remote Buffer Overflow
Next by thread: [Full-Disclosure] [OpenPKG-SA-2003.048] OpenPKG Security Advisory (postgresql)
Index(es):
- Date
- Thread