[ Advisory for Pragma InterAccess ] [ Pragma InterAccess is made by Pragma Systems ] [ Site: http://www.pragmasys.com ] [ by nemesystm of the DHC ] [ (http://dhcorp.cjb.net - neme-dhcat_private) ] [ ADV-0119 ] /-|=[explanation]=|-\ Pragma InterAccess provides daemons like telnet, rexecd and rshd for the Windows environment. It is vulnerable to a denial of service. /-|=[who is vulnerable]=|-\ Pragma InterAccess Release 4.0 Build 5 has been tested and was vulnerable. Prior versions are assumed to be vulnerable as well. /-|=[testing it]=|-\ Sending a burst of characters with a length of 15000 to port 23 Interaccess will crash with: Telnet95 has caused an error to occur in telnet95.exe I have made a perl script that exploits this. It is in the advisory that is available on the DHC site. http://www.emc2k.com/dhcorp/homebrew/pragma.zip /-|=[fix]=|-\ Install Pragma InterAccess Release 4.0 Build 6. Free, encrypted, secure Web-based email at www.hushmail.com
This archive was generated by hypermail 2b30 : Thu Jun 07 2001 - 10:09:03 PDT