|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: altomo
nudehackers.comDate: Wed May 16 2001 - 11:09:45 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Remote Desktop 3.0 and previous DoS
Affected:
Win95/95/ME running Mcafee Remote Desktop 3.0 and below
Problem:
possible for remote attacker to crash Remote Desktop session. in some
cases crashing the remote desktop agent.
Desc:
Remote desktop agent listens on ports 5044 and 5045. 5044 is to send
data and 5045 is to receive data. After a session is started a 3rd
system can be used to send data to port 5045 of the agent and crash
the session. The agent will then not respond for roughly a minute,
and in some cases not respond until restarted.
Exp:
to recreate this simply use netcat and send lots of data to port 5045
on the client system.
Vendor Status:
Notified that versions 2.12 and below were vuln. I was then ask for a
test of 3.x. Supplied them with results of a 3.0 test. No further
word, several weeks have passed.
Fix/Work Around:
Don't use Remote Desktop on public infrastructure. Filter where ever
possible.
- - --------------------------
altomonudehackers.com
NudeHackersDotCom
Soooooo Sexy it hurts
- - --------------------------
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBOwKjYWx4bANfut9PEQIO2gCbBQIFRgkZMs26Cdia+/vh2kreIfUAn0tN
ixk4jPm8CQYUFq/my2S5gdov
=Kcub
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]