|
Bugtraq
mailing list archives
Multiple vulnerabilities in WinShadow
From: Bahaa Naamneh <b_naamneh () hotmail com>
Date: 1 Oct 2003 11:18:38 -0000
Multiple vulnerabilities in WinShadow
-------------------------------------
Affected Systems: OmniCom WinShadow
version: 2.0 (and possibly earlier versions)
Vendor: OmniCom Technologies - http://www.omnicomtech.com
Issue: 1. Buffer overflow in client handling hostnames in host files
2. DoS against server
Released: 27 September 2003
Introduction:
=============
"winshdow: Create a secure remote control session on the Internet or private WAN/LAN network allowing easy access to
remote files and applications. Increase productivity by allowing secure remote access for mobile users and system
administrators."
- Vendors Description
[ http://www.omnicomtech.com ]
Details:
========
Multiple vulnerabilities has been identified in winShadow version 2.0, which allows malicious users to execute
arbitrary code on the master client and remotely crash the server.
Buffer Overflow:
----------------
winShadow saves hostnames in host files (*.osh), the process handing the hostname parameter read from the file will
cause a buffer overflow if approximately 250 bytes are passed after this parameter.
Denial of Service:
------------------
By connecting to the server and issuing a long username or password, the server will crash, refusing any further
connections until the server is closed by logging off or rebooting the system, this may be because it a service that
runs with system privileges.
Vendor status:
==============
The vendor has been informed.
Exploit:
========
Can be downloaded from http://www.elitehaven.net/winshadow.zip
The exploit was written by Peter Winter-Smith.
Discovered by/Credit:
=====================
Bahaa Naamneh
b_naamneh () hotmail com
http://www.bsecurity.tk
 By Date 
By Thread
Current thread:
- Multiple vulnerabilities in WinShadow Bahaa Naamneh (Oct 01)
|
Intro
