Vulnerability
InterAccess
Affected
Pragma InterAccess
Description
nemesystm of the DHC (ADV-0119) found following. Pragma
InterAccess provides daemons like telnet, rexecd and rshd for the
Windows environment. It is vulnerable to a denial of service.
Pragma InterAccess Release 4.0 Build 5 has been tested and was
vulnerable. Prior versions are assumed to be vulnerable as well.
Sending a burst of characters with a length of 15000 to port 23
Interaccess will crash with:
Telnet95 has caused an error to occur in telnet95.exe
There is a perl script that exploits this. It is in the advisory
that is available on the DHC site:
http://www.emc2k.com/dhcorp/homebrew/pragma.zip
Solution
Install Pragma InterAccess Release 4.0 Build 6.
Credits
-- UnKnown --
|