-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remote Desktop 3.0 and previous DoS Affected: Win95/95/ME running Mcafee Remote Desktop 3.0 and below Problem: possible for remote attacker to crash Remote Desktop session. in some cases crashing the remote desktop agent. Desc: Remote desktop agent listens on ports 5044 and 5045. 5044 is to send data and 5045 is to receive data. After a session is started a 3rd system can be used to send data to port 5045 of the agent and crash the session. The agent will then not respond for roughly a minute, and in some cases not respond until restarted. Exp: to recreate this simply use netcat and send lots of data to port 5045 on the client system. Vendor Status: Notified that versions 2.12 and below were vuln. I was then ask for a test of 3.x. Supplied them with results of a 3.0 test. No further word, several weeks have passed. Fix/Work Around: Don't use Remote Desktop on public infrastructure. Filter where ever possible. - - -------------------------- altomoat_private NudeHackersDotCom Soooooo Sexy it hurts - - -------------------------- -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBOwKjYWx4bANfut9PEQIO2gCbBQIFRgkZMs26Cdia+/vh2kreIfUAn0tN ixk4jPm8CQYUFq/my2S5gdov =Kcub -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Wed May 16 2001 - 13:21:51 PDT