[NT] Multiple Vulnerabilities in winShadow
From: SecuriTeam (support_at_securiteam.com)
Date: 10/02/03
- Previous message: SecuriTeam: "[NT] MondoSearch File Creation Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 2 Oct 2003 15:22:15 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Multiple Vulnerabilities in winShadow
------------------------------------------------------------------------
SUMMARY
" <http://www.omnicomtech.com/products/winshadow.php3> winShadow is a
product that allows you to remote control session on the Internet or
private WAN/LAN network allowing easy access to remote files and
applications. Increase productivity by allowing secure remote access for
mobile users and system administrators".
The winShadow product has been found to contain multiple vulnerabilities
that allow remote attackers to overflow internal buffers (allowing the
execution of arbitrary code) and cause the server to crash.
DETAILS
Vulnerable Systems:
* WinShadow version 2.0 (and earlier versions)
Buffer Overflow:
winShadow saves hostnames in host files (*.osh), the process handing the
hostname parameter read from the file will cause a buffer overflow if
approximately 250 bytes are passed after this parameter. The vulnerability
allows remote attackers to cause the product to execute arbitrary code.
Denial of Service:
By connecting to the server and issuing a long username or password, the
server will crash, refusing any further connections until the server is
closed by logging off or rebooting the system, this may be because it a
service that runs with system privileges.
Exploit:
An exploit written by Peter Winter-Smith can be downloaded from
<http://www.elitehaven.net/winshadow.zip>
http://www.elitehaven.net/winshadow.zip
Vendor status:
The vendor was informed.
ADDITIONAL INFORMATION
The information has been provided by <mailto:b_naamneh@hotmail.com> Bahaa
Naamneh
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[NT] MondoSearch File Creation Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
