[NT] pcAnywhere Vulnerable to a DoS (Multiple Connections)
From: support@securiteam.comDate: 08/15/01
- Previous message: support@securiteam.com: "[NT] NNTP Service in Windows Contains Memory Leak"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Subject: [NT] pcAnywhere Vulnerable to a DoS (Multiple Connections) Message-Id: <20010815200906.05727138BF@mail.der-keiler.de> Date: Wed, 15 Aug 2001 22:09:06 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
pcAnywhere Vulnerable to a DoS (Multiple Connections)
------------------------------------------------------------------------
SUMMARY
A security vulnerability in pcAnywhere - a product by Symantec that allows
system administrator to manage remotely Windows based operating systems -
suffer from a denial-of-service vulnerability that allows remote attackers
to no longer respond to legitimate connection requests.
DETAILS
Vulnerable systems:
pcAnywhere version 9.2
pcAnywhere version 10.0
Immune systems:
pcAnywhere version 9.2.1
When the socket which the pcAnywhere server is listening on is fed an
abnormal amount of random characters immediately upon connection, any
further communications between any pcAnywhere client and the server is
prevented. The server indicates continuing to listen for a connection but
no longer accepts client connections until the server application is
restarted.
Solution:
Symantec has developed fixes for pcAnywhere v 9.x and 10.x for this issue.
Patches have been posted to the following location for download and are to
be included in the pcAnywhere LiveUpdate the week of 5-9 March:
pcA 9.x
<http://www.symantec.com/techsupp/files/pca/pca9-9598nt.html>
http://www.symantec.com/techsupp/files/pca/pca9-9598nt.html
pcA 10.x
<http://www.symantec.com/techsupp/files/pca/pca_10.html>
http://www.symantec.com/techsupp/files/pca/pca_10.html
ADDITIONAL INFORMATION
The information has been provided by <mailto:jthornton@HACKERSDIGEST.COM>
John Thornton and <mailto:symsecurity@SYMANTEC.COM> Sym Security.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NT] NNTP Service in Windows Contains Memory Leak"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
