Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Windows Net Apps :: pcaw7.htm

PCAnywhere - lock up with a TCP SYN scan



Vulnerability

    pcAnywhere

Affected

    pcAnywhere

Description

    Vacuum found following.  While performing a routine network audit,
    a TCP SYN scan caused every pcAnywhere Host service on the network
    to stop  responding.   The following  versions were  tested, other
    versions may be vulnerable as well:

        - 9.0.0 Build 133
        - 9.0.1 Build 143
        - 9.2.0 Build 239
        - 8.0.2 Build 220

    Target Operating systems tested:

        - Windows NT Server Service Pack 6a -- Running 9.0.0 and 9.2.0 Versions
        - Windows NT Worksation Service Pack 5 Running 9.2.0 Version
        - Windows NT Server Service Pack 4  -- Running 8.0.2 Version

    by using  nmap version  2.30BETA21.   Information gathering  (does
    not cause the crash):

        nmap -sT -sU <target>

    Servers running pcAnywhere version 8.x show ports

        - TCP 5631 and TCP 65301 open
        - UDP 5632 and UDP 22    open

    Servers running pcAnywhere version 9.x show ports

        TCP 5631 and UDP 5632  open

    nmap -sS <target> will cause  the pcAnywhere Host Service to  stop
    responding until the service is stopped and restarted.

    Patrick  Turcotte  did  some  testing.   nmap  v2.51  installed on
    Solaris 7  host, on  the same  LAN as  the host,  as the  scanning
    platform (network environment: switched 100 Mbps LAN).

    - NT 4.0 Workstation SP1  host, pcAnywhere 9.0.0 build 133,  Win98
      SE client, pcAnywhere  9.0.0 build 133:  nmap -sT -sU,  nmap -sS
      and nmap -sT all cause pcAnywhere host app to stop answering  to
      connection requests

    - NT 4.0 Workstation SP5  host, pcAnywhere 9.0.0 build 133,  Win98
      SE  client,  pcAnywhere  9.0.0   build  133:  nmap  -sT   causes
      pcAnywhere host app to stop answering to connection requests

    - NT 4.0 Workstation SP5  host, pcAnywhere 9.2.0 build 239,  Win98
      SE  client,  pcAnywhere  9.2.0   build  239:  nmap  -sT   causes
      pcAnywhere host app to stop answering to connection requests

    All tests were done both  in unencrypted mode and with  pcAnywhere
    encryption,  with  no  difference   in  the  results.   A   simple
    cancelling and  restarting of  the pcAnywhere  host service  fixed
    the  crash,  but  this  kind  of  defeats  the  purpose  of remote
    administration, doesn't it?   And yes, where  vacuum needed a  SYN
    scan, a simple TCP scan  was necessary here, for obscure  reasons.
    Some  tests  were  also  done  with other portscanners, but didn't
    produce the same effect.

Solution

    Nothing yet.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH