SecurityFocus BUGTRAQ Mailing List: BugTraq

To: BugTraq
Subject: Multiple vulnerabilities in WinShadow
Date: Oct 1 2003 11:18AM
Author: Bahaa Naamneh
Message-ID: <20031001111838.646.qmail@sf-www1-symnsj.securityfocus.com>

Multiple vulnerabilities in WinShadow
-------------------------------------

Affected Systems: OmniCom WinShadow version: 2.0 (and possibly earlier versions)
Vendor: OmniCom Technologies - http://www.omnicomtech.com
Issue:
  1. Buffer overflow in client handling hostnames in host files
  2. DoS against server
Released: 27 September 2003

Introduction:
=============

"WinShadow: Create a secure remote control session on the Internet or private WAN/LAN network allowing easy access to remote files and applications. Increase productivity by allowing secure remote access for mobile users and system administrators."
- Vendor's Description [ http://www.omnicomtech.com ]

Details:
========

Multiple vulnerabilities have been identified in WinShadow version 2.0, which allow malicious users to execute arbitrary code on the master client and remotely crash the server.

Buffer Overflow:
----------------

WinShadow saves hostnames in host files (*.osh). The process handling the hostname parameter read from the file will cause a buffer overflow if approximately 250 bytes are passed after this parameter.

Denial of Service:
------------------

By connecting to the server and issuing a long username or password, the server will crash, refusing any further connections until the server is closed by logging off or rebooting the system. This may be because it is a service that runs with system privileges.

Vendor status:
==============

The vendor has been informed.

Exploit:
========

Can be downloaded from http://www.elitehaven.net/winshadow.zip
The exploit was written by Peter Winter-Smith.

Discovered by/Credit:
=====================

Bahaa Naamneh
b_naamneh hotmail com
http://www.bsecurity.tk
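The host-file overflow described above comes from copying a file-controlled hostname into a fixed buffer without a length check. The following is an added example of a bounded, validating copy, not code from the advisory or from WinShadow; the function name, buffer sizes and the unsafe pattern shown in the comment are assumptions for illustration, since the page does not document the .osh format or the client's code.

```c
#include <stddef.h>
#include <string.h>

#define HOST_MAX  253  /* longest valid DNS name in text form */
#define LABEL_MAX 63   /* longest valid DNS label */

/* Unsafe pattern, shown for contrast only (hypothetical, never called):
 *     char host[256];
 *     strcpy(host, value_from_file);   // length is chosen by the file
 */

/* ASCII letter, digit or hyphen; deliberately not locale dependent. */
static int is_ldh(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-';
}

/* Copy a hostname value taken from an untrusted host file into out.
 * Returns 0 on success, or -1 if the value is empty, longer than a
 * valid hostname, contains other characters, has an empty or overlong
 * label, or does not fit in out. On failure out is an empty string. */
int copy_hostname(const char *value, size_t value_len,
                  char *out, size_t out_size)
{
    size_t i, label = 0;

    if (out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';
    if (value == NULL || value_len == 0 ||
        value_len > HOST_MAX || value_len >= out_size)
        return -1;

    for (i = 0; i < value_len; i++) {
        unsigned char c = (unsigned char)value[i];
        if (c == '.') {
            if (label == 0)
                return -1;            /* empty label, e.g. "a..b" */
            label = 0;
        } else if (!is_ldh(c) || ++label > LABEL_MAX) {
            return -1;                /* bad byte or overlong label */
        }
    }
    memcpy(out, value, value_len);    /* length already checked */
    out[value_len] = '\0';
    return 0;
}
```

Because the length is checked against both the protocol limit and the destination size before any byte is copied, an oversized value in a host file is rejected instead of being written past the buffer.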