advisory for Pragma Interaccess

From: neme-dhcat_private
Date: Wed Jun 06 2001 - 18:49:48 PDT

Next message: Dan Kaminsky: "Re: SECURITY.NNOV: Outlook Express address book spoofing"

Previous message: SpearHead Customer Support: "SpearHead Security NetGAP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

 [ Advisory for Pragma InterAccess                 ]
 [ Pragma InterAccess is made by Pragma Systems    ]
 [ Site: http://www.pragmasys.com                  ]
 [ by nemesystm of the DHC                         ]
 [ (http://dhcorp.cjb.net - neme-dhcat_private) ]
 [ ADV-0119                                        ]

/-|=[explanation]=|-\
Pragma InterAccess provides daemons like telnet, 
rexecd and rshd for the Windows environment. It is
vulnerable to a denial of service.

/-|=[who is vulnerable]=|-\
Pragma InterAccess Release 4.0 Build 5
has been tested and was vulnerable. Prior versions
are assumed to be vulnerable as well.

/-|=[testing it]=|-\
Sending a burst of characters with a length of 
15000 to port 23 Interaccess will crash with:
Telnet95 has caused an error to occur in 
telnet95.exe

I have made a perl script that exploits this. It is
in the advisory that is available on the DHC site.
http://www.emc2k.com/dhcorp/homebrew/pragma.zip

/-|=[fix]=|-\
Install Pragma InterAccess Release 4.0 Build 6.
Free, encrypted, secure Web-based email at www.hushmail.com

Next message: Dan Kaminsky: "Re: SECURITY.NNOV: Outlook Express address book spoofing"
Previous message: SpearHead Customer Support: "SpearHead Security NetGAP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 07 2001 - 10:09:03 PDT