Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Dameware Remote Control - Buffer Overflow & POC warnings from FrSIRT

Corporate users of the Dameware remote control facility should patch their systems promptly, as a new vulnerability and proof-of-concept code were published at the end of August.

Dameware Remote Control - Buffer Overflow Exploit Warning

Dameware Remote Control - Proof of Concept Exploit (be careful as actual code for the exploit is published here) 

Solution: Upgrade to DameWare Mini Remote Control version 4.9.2.4

QUOTE: A vulnerability was identified in DameWare Mini Remote Control Server, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a buffer overflow error in the authentication procedure that does not properly handle an overly long "username" parameter (port 6129), which could be exploited by unauthenticated remote attackers to compromise a vulnerable system.

By default (DameWare Remote Control Server) DWRCS listens on port 6129 TCP. An attacker can construct a specially crafted packet and exploit this vulnerability. The vulnerability is caused by insecure calls to the lstrcpyA function when checking the username.
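
The class of bug described above, shown beside a bounded alternative. This is an added example, not DameWare's code or the advisory's: the 64-byte buffer, the function names and the idea that the field arrives with a received-byte count are assumptions, and strcpy stands in for lstrcpyA, which is equally unbounded.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define USERNAME_MAX 64   /* assumed size, not DameWare's real value */

/* Unsafe pattern: the sender, not the buffer, decides how much is copied.
 * strcpy stands in for lstrcpyA; neither takes a destination size. */
int check_username_unsafe(const char *field)
{
    char username[USERNAME_MAX];
    strcpy(username, field);          /* writes past the buffer at >= 64 bytes */
    return username[0] != '\0';
}

/* Bounded form: the length is limited by the bytes actually received and by
 * the destination size; an empty or overly long field is refused, not cut. */
int check_username_safe(const unsigned char *field, size_t field_len,
                        char *out, size_t out_size)
{
    const unsigned char *nul;
    size_t n;

    if (field == NULL || out == NULL || out_size == 0)
        return -1;
    nul = memchr(field, '\0', field_len);   /* never reads past received data */
    n = nul ? (size_t)(nul - field) : field_len;
    if (n == 0 || n >= out_size)            /* no room for name + terminator */
        return -1;
    memcpy(out, field, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    unsigned char long_field[300];          /* constructed oversized field */
    char name[USERNAME_MAX];

    memset(long_field, 'A', sizeof long_field);
    printf("300-byte field: %d\n",
           check_username_safe(long_field, sizeof long_field, name, sizeof name));
    printf("\"admin\" field: %d\n",
           check_username_safe((const unsigned char *)"admin", 6, name, sizeof name));
    return 0;
}
```

Rejecting the oversized field outright, rather than truncating it, keeps a malformed authentication request from being processed any further.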