Bugtraq mailing list archives

PC-Cillin 6.x DoS Attack

From: dannys () KAREMOR COM (Daniel P. Stasinski)
Date: Thu, 30 Dec 1999 11:37:09 -0700


Version 6.x of Trend Micro's PC-Cillin Anti-Virus software can be
subjected to a remote DoS attack and possibly authorized relays.

As part of it's Java/ActiveX protection, it routes all http
requests through its own internal proxy on port 8431.
Unfortunately, it allows anyone anywhere to connect to that port
and dump enough data through it to saturate an unexpected victims
connection.   Their tech's could not confirm or deny if remote
users are able to get an outbound connection from the victims
system.

I have contacted Trend Micro, and they are aware of the problem
but have no plans for a hot patch.  They did say it would be
fixed in the next major release (v7.0 ?)

Daniel

--
| Daniel P. Stasinski     | KareMor International, Inc.
| Software Engineer       | 2401 South 24th Street
| Internet Services Dept. | Phoenix, AZ 85034
| daniels () karemor com     | http://www.karemor.com

Current thread:

Re: majordomo local exploit Henrik Edlund (Dec 29)
- Re: majordomo local exploit Jefferson Ogata (Dec 29)
- AltaVista followup and monitor script Edward Glowacki (Dec 29)
- Re: majordomo local exploit Chip Salzenberg (Dec 29)
- UnixWare rtpm exploit + discussion Brock Tellier (Dec 30)
- Local / Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP Server v2.5 for Win9x/NT Ussr Labs (Dec 30)
- PC-Cillin 6.x DoS Attack Daniel P. Stasinski (Dec 30)
- Analysis of "stacheldraht" Dave Dittrich (Dec 30)
  - Re: Analysis of "stacheldraht" Jordan Ritter (Dec 31)
    - Re: Analysis of "stacheldraht" Dave Dittrich (Dec 31)