|
DameWare Mini Remote Control Buffer Overflow Vulnerability
|
|
Secunia Advisory:
|
SA10439
|
|
|
Release Date:
|
2003-12-16
|
|
Last Update:
|
2003-12-23
|
|
Popularity:
|
13,614 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | DameWare Mini Remote Control 3.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
Wirepair has discovered a vulnerability in DameWare Mini Remote Control, which can be exploited by malicious, unauthenticated people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error when handling authentication traffic. This can be exploited by sending specially crafted packets to the DameWare Mini Remote Control Server (default port 6129/tcp), which may cause a buffer overflow.
Successful exploitation allows execution of arbitrary code on a vulnerable system.
The vulnerability has been reported in versions 3.70 and 3.72. Other versions may also be affected.
Solution:
Update to version 3.73 or later.
http://www.dameware.com/download/
Provided and/or discovered by:
wirepair
Changelog:
2003-12-23: Added link to CERT vulnerability note.
Original Advisory:
http://sh0dan.org/files/dwmrcs372.txt
Other References:
CERT VU#909678:
http://www.kb.cert.org/vuls/id/909678
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
