Full Disclosure mailing list archives

RE: pc-anywhere (version 9.2) - telnet kills service

From: "Harris, Michael C." <HarrisMC () health missouri edu>
Date: Tue, 11 Nov 2003 10:58:20 -0600

We found this out 3 years ago, when we started doing port scanning to identify rogue servers.  You can also cause this 
'denial of service' by doing nmap or nessus scans across machines running PCAnywhere.  One scan to the default control 
port 5631 is enough to keep the service from responding to further legitimate connection attempts.  A stop and restart 
of the host service solves the problem but it does upset support staff when you do a scan on Friday and they have to 
drive in over the weekend because they can't get into machines running PCAW. 

here is a response from Symantec... from the way back machine  

http://securityresponse.symantec.com/avcenter/venc/data/pcanywhere.denial.of.service.html

Mike
------------------------------------------------------------------- 
Michael C Harris 
System Security Analyst - GSEC 
University of Missouri Health Center 
harrismc () health missouri edu  KC0PAH 
------------------------------------------------------------------- 

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Thorsten 
Mayr
Sent: Tuesday, November 11, 2003 7:52 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] pc-anywhere (version 9.2) - telnet kills service


doing a telnet on standard pc anywhere port 5631 onto a running pcanywhere service (running on a w2k sp4),
lead to a kill of  the service/deamon. Though (old known bug the service doesn´t appear to be not working looking him 
up on the services snapin)
I haven´t heard of that before... though I am aware that 9.2 is a rather old version, but there are companys who won´t 
buy new licences all day.....
all I found about is http://lists.insecure.org/lists/vuln-dev/2001/Aug/0019.html this one
though I don´t need as described 300 - 500 conenctions.
1 or 2 are enough.

thought it might of value for some...
(same happened on a nt 4.0 sp6a)

rgds
Thorsten

Thorsten Mayr
Kitcon GmbH 
we do It :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

pc-anywhere (version 9.2) - telnet kills service Thorsten Mayr (Nov 11)
- <Possible follow-ups>
- RE: pc-anywhere (version 9.2) - telnet kills service Harris, Michael C. (Nov 11)