Bugtraq mailing list archives
advisory for Pragma Interaccess
From: neme-dhc () hushmail com
Date: Wed, 6 Jun 2001 20:49:48 -0500 (EDT)
[ Advisory for Pragma InterAccess ] [ Pragma InterAccess is made by Pragma Systems ] [ Site: http://www.pragmasys.com ] [ by nemesystm of the DHC ] [ (http://dhcorp.cjb.net - neme-dhc () hushmail com) ] [ ADV-0119 ] /-|=[explanation]=|-\ Pragma InterAccess provides daemons like telnet, rexecd and rshd for the Windows environment. It is vulnerable to a denial of service. /-|=[who is vulnerable]=|-\ Pragma InterAccess Release 4.0 Build 5 has been tested and was vulnerable. Prior versions are assumed to be vulnerable as well. /-|=[testing it]=|-\ Sending a burst of characters with a length of 15000 to port 23 Interaccess will crash with: Telnet95 has caused an error to occur in telnet95.exe I have made a perl script that exploits this. It is in the advisory that is available on the DHC site. http://www.emc2k.com/dhcorp/homebrew/pragma.zip /-|=[fix]=|-\ Install Pragma InterAccess Release 4.0 Build 6. Free, encrypted, secure Web-based email at www.hushmail.com
Current thread:
- advisory for Pragma Interaccess neme-dhc (Jun 07)