Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

AW: pc-anywhere (version 9.2) - telnet kills service

From: "Thorsten Mayr" <tmayr () kitcon net>
Date: Tue, 11 Nov 2003 19:00:38 +0100
Thanks for information,
Looks like I was too blind finding symantecs response on that..
I know how upsetting it is - as we got some new clients using symantec's pc anywhere 9.2....
Got a lot of work to get these guys kind of up to date...

Topic closed ;)

Thorsten


-----Ursprüngliche Nachricht-----
Von: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] Im Auftrag 
von Harris, Michael C.
Gesendet: Dienstag, 11. November 2003 17:58
An: full-disclosure () lists netsys com
Betreff: RE: [Full-Disclosure] pc-anywhere (version 9.2) - 
telnet kills service


We found this out 3 years ago, when we started doing port 
scanning to identify rogue servers.  You can also cause this 
'denial of service' by doing nmap or nessus scans across 
machines running PCAnywhere.  One scan to the default control 
port 5631 is enough to keep the service from responding to 
further legitimate connection attempts.  A stop and restart 
of the host service solves the problem but it does upset 
support staff when you do a scan on Friday and they have to 
drive in over the weekend because they can't get into 
machines running PCAW. 

here is a response from Symantec... from the way back machine  


http://securityresponse.symantec.com/avcenter/venc/data/pcanywhere.denial.of.service.html

Mike
------------------------------------------------------------------- 
Michael C Harris 
System Security Analyst - GSEC 
University of Missouri Health Center 
harrismc () health missouri edu  KC0PAH 
------------------------------------------------------------------- 

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Thorsten 
Mayr
Sent: Tuesday, November 11, 2003 7:52 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] pc-anywhere (version 9.2) - telnet kills service


doing a telnet on standard pc anywhere port 5631 onto a running pcanywhere service (running on a w2k sp4), lead to a 
kill of  the service/deamon. Though (old known bug the service doesn´t appear to be not working looking him up on the 
services snapin) I haven´t heard of that before... though I am aware that 9.2 is a rather old version, but there are 
companys who won´t buy new licences all day..... all I found about is 
http://lists.insecure.org/lists/vuln-dev/2001/Aug/0019.html this one though I don´t need as described 300 - 500 
conenctions. 1 or 2 are enough.

thought it might of value for some...
(same happened on a nt 4.0 sp6a)

rgds
Thorsten

Thorsten Mayr
Kitcon GmbH 
we do It :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: