[20897] in bugtraq
advisory for Pragma Interaccess
daemon@ATHENA.MIT.EDU (neme-dhc@hushmail.com)
Thu Jun 7 13:07:09 2001
From: neme-dhc@hushmail.com
Message-Id: <200106070048.RAA03887@user7.hushmail.com>
Content-type: multipart/mixed; boundary="Hushpart_boundary_PpfrQEwKanlDMbRdyJxMPaDSPayQNswh"
Mime-version: 1.0
To: bugtraq@securityfocus.com
Date: Wed, 6 Jun 2001 20:49:48 -0500 (EDT)
--Hushpart_boundary_PpfrQEwKanlDMbRdyJxMPaDSPayQNswh
Content-type: text/plain
[ Advisory for Pragma InterAccess ]
[ Pragma InterAccess is made by Pragma Systems ]
[ Site: http://www.pragmasys.com ]
[ by nemesystm of the DHC ]
[ (http://dhcorp.cjb.net - neme-dhc@hushmail.com) ]
[ ADV-0119 ]
/-|=[explanation]=|-\
Pragma InterAccess provides daemons like telnet,
rexecd and rshd for the Windows environment. It is
vulnerable to a denial of service.
/-|=[who is vulnerable]=|-\
Pragma InterAccess Release 4.0 Build 5
has been tested and was vulnerable. Prior versions
are assumed to be vulnerable as well.
/-|=[testing it]=|-\
Sending a burst of characters with a length of
15000 to port 23 Interaccess will crash with:
Telnet95 has caused an error to occur in
telnet95.exe
I have made a perl script that exploits this. It is
in the advisory that is available on the DHC site.
http://www.emc2k.com/dhcorp/homebrew/pragma.zip
/-|=[fix]=|-\
Install Pragma InterAccess Release 4.0 Build 6.
Free, encrypted, secure Web-based email at www.hushmail.com
--Hushpart_boundary_PpfrQEwKanlDMbRdyJxMPaDSPayQNswh--
