SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   McAfee Remote Desktop Vendors:   McAfee
McAfee Remote Desktop Allows Remote Users to Crash the Remote Desktop Session and Possibly the Remote Desktop Agent
SecurityTracker Alert ID:  1001560
SecurityTracker URL:  http://securitytracker.com/id/1001560
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 16 2001
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): Mcafee Remote Desktop 3.0 and below
Description:   A vulnerability is reported in McAfee's Remote Desktop application that allows remote users to cause the Remote Desktop session to crash and, in some cases, to cause the Remote Desktop agent to crash.

Remote desktop agent reportedly listens on ports 5044 and 5045. Port 5044 is used to send data and port 5045 is used to receive data. After a session is started, a separate host can send data to port 5045 of the agent and cause the session to crash. The agent will reportedly not respond for approximately a minute. In some cases, the agent will not respond unitl restarted.

Impact:   A remote user can cause Remote Desktop sessions to crash and, in some cases, can cause the Remote Desktop agent to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.mcafee.com/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Windows (Me), Windows (95), Windows (98)

Message History:   None.


 Source Message Contents

Subject:  Remote Desktop DoS


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Remote Desktop 3.0 and previous DoS
Affected: 
Win95/95/ME running Mcafee Remote Desktop 3.0 and below
Problem:
possible for remote attacker to crash Remote Desktop session. in some
cases crashing the remote desktop agent.


Desc:

Remote desktop agent listens on ports 5044 and 5045.  5044 is to send
data and 5045 is to receive data.  After a session is started a 3rd
system can be used to send data to port 5045 of the agent and crash
the session.  The agent will then not respond for roughly a minute,
and in some cases not respond until restarted.


Exp:
to recreate this simply use netcat and send lots of data to port 5045
on the client system.

Vendor Status:
Notified that versions 2.12 and below were vuln. I was then ask for a
test of 3.x.  Supplied them with results of a 3.0 test. No further
word, several weeks have passed.

Fix/Work Around:
Don't use Remote Desktop on public infrastructure.  Filter where ever
possible.

- - --------------------------
altomo@nudehackers.com
NudeHackersDotCom
Soooooo Sexy it hurts 
- - --------------------------

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOwKjYWx4bANfut9PEQIO2gCbBQIFRgkZMs26Cdia+/vh2kreIfUAn0tN
ixk4jPm8CQYUFq/my2S5gdov
=Kcub
-----END PGP SIGNATURE-----

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC