Both VNC server and client have buffer overruns (BugTraq ID 2306 & 2305).
These were announced 1/29/01 and at the time there was no update available
from the vendor, but Core SDI (the discoverer of the vuln) has provided a
patch.

-----Original Message-----
From: Todd M. Simons
To: FOCUS-MSSECURITYFOCUS.COM
Sent: 2/19/01 7:23 PM
Subject: Re: pcAnywhere

Hey everyone

We use VNC and VNCViewer. The VNC Service runs on the server and the
client
piece is small enough to fit on floppies. There are additional addons
to
allow IP level security and other options. The best part is its free.
The
downfall is when the client is connected, it takes its toll on the
server,
we haven't had any performance problems on our new servers though
(>633Mhz)

If anyone knows of any downfall to this software, please speak up. We
have
it installed on ever server in house, behind our firewall. It works on
one
port 5900-5910 based on your settings.

Source is provided, and there is even a Java Client that works in a web
browser, but we've been to busy to explore that option, the 130k client
does
its justice.

Here's the link:
http://www.uk.research.att.com/vnc/

Hope this helps!

__________________________
Todd Simons
MIS Engineer
Delphi Technology, Inc
New Brunswick, NJ

-----Original Message-----
From: - gary -
To: FOCUS-MSSECURITYFOCUS.COM
Sent: 2/15/2001 4:27 AM
Subject: Re: pcAnywhere

Hi there Jim

I've used PcAnywhere for a long time now, it was orginally bought in to
replace IBM Netfinty, with regards to machine control, although there is
now
faster programs which do the same thing, (there name escapes now) I am
now
in the process of changing PcAnywhere for RemotlyAnywhere.

If you havent heard of Remotly Anywhere before you might want to check
out
there website http://www.RemotelyAnywhere.com The Program is a small but
very powerfull little program. it will allow you to control any Win9X
ME
NT4/2000 machine via a web broswer.

You can secure communcation between the server by using 128SSL
connection,
Ipaccess lists and filters, you can then configure UsersID which our
Auth by
the NT machine to have limited access with in the program.

Anything that you we can do at the local machine you can do by one of
the
guis.

I'm sorry if this sounds like a sales pitch, I can assure you that I
dont
work for them, I have just been very very impressed with the product.

Gary

-----Original Message-----
From: Focus on Microsoft Mailing List
[mailto:FOCUS-MSSECURITYFOCUS.COM]On Behalf Of Gu1tarb0yAOL.COM
Sent: 09 February 2001 19:23
To: FOCUS-MSSECURITYFOCUS.COM
Subject: pcAnywhere

Looking for opinions:
User wants to relocate an Oracle web server (OWA) running on NT 4.0
server
to my site. This server will not be a part of my NT domain. During the
developmental period, he expects to have to do some Oracle and server
performance tweaking and wants to use PCAnywhere to access the NT
machine
temporarily. The user has informed me that PCAnywhere has been approved
if
they use the encryption that goes along with it.

I remember a discussion thread where it was generally advised not to use
PCAnywhere for remote access to administer domains. I can't find the
thread
in my records...
1)Does anyone remember the remote administration thread?

2) How should I feel about him using PCAnywhere to remotely access and
administer the OWA?

Jim McFarlen
###########################################

This message has been scanned by F-Secure Anti-Virus for Microsoft
Exchange.
For more information, connect to http://www.F-Secure.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]