RE: Bug in MAS90 Accounting Platform remote access?

From: mbwhiteat_private
Date: Tue Aug 21 2001 - 23:07:29 PDT


    What OS and version of the MAS 200 host program was tested?  The same
    process against ver 3.6 under NT4 provided the message "The Host cannot run
    the specified program".
    
    A single CTRL+q, however, seems to disable the host.  Sending a CTRL+o will
    return extended host information, i.e., installation path, server memory,
    listening IP addresses, computer name and process owner.
    
    As a side note I was able to kill the host process entirely by pressing any
    of the arrow keys while connected via telnet.  Any currently connected
    clients will continue to function but no new connections can be made.
    
    I'll test various versions and post results later this week.
    
    -Mike
    
    
    
    
    -----Original Message-----
    From: Administrator [mailto:Administratorat_private]
    Sent: Tuesday, August 21, 2001 4:36 PM
    To: bugtraqat_private
    Subject: Bug in MAS90 Accounting Platform remote access?
    
    
    
    Greetings,
    
    Not sure if any previous issues with this application have surfaced
    here, but I've run
    
    Sage Software's MAS 200 is an accounting platform which can be
    configured to permit remote access to server-side data over TCP/IP. A
    host application listens for connections on the server, and all remote
    clients use a workstation app to interface with the host.
    
    Running a port scanner determined that the MAS 200 host application
    listens for connections on port 10000.....
    
    telnet x.x.x.x  port: 10000
    
    Connected...
    
    <enter>
    
    "The host does not support this application"
    
    <control + x> X 10    <enter>
    
    "The host has been disabled"...
    
    exit
    
    telnet x.x.x.x port: 10000
    
    Connected...
    
    <enter>
    
    "The host has been disabled"...
    
    --------------------------------------------------------------
    
    Checking the status of the host app at the server console revealed it
    had indeed been switched to 'Disabled' status, and all access to the
    server from clients on the LAN and WAN sides through the client application
    had been suspended. Am I missing something here? Or is it way too easy
    to DoS this software?
    


