Denial of Service Database


From: Cain (cain@TASAM.COM)
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Date: Sat, 19 Sep 1998 14:35:58 -0400
Subject: PC Anywhere denial of service

I don't know if anyone has been exeriencing this, but I found a problem
with PC Anywhere 8.0. If you establish a telnet connection with port 5631,
then the pcanywhere server crashes. I've tested this on a fully patched
NT 4.0 server, so I think the problem lies within pc anywhere itself. I've
tried to get in contact with Symantec, but the only do that discussion
group thing and I found no real help there, so I'm letting everyone know
in hopes that a fix will soon be avalible.

        Cain
        Tasam

=-=-=-=

From: Russ (Russ.Cooper@RC.ON.CA)
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Date: Tue, 22 Sep 1998 07:28:26 -0400
Subject: Re: PC Anywhere denial of service

Moderator Summary:

We've had quite a few responses to Cain's message. Most people say that
they cannot reproduce his findings with PC Anywhere 8.0.

(aloubert@INAME.COM) asked if he was already using the 8.02 patch that
Symantec made available (he is).

(Ralph.Davis@CONSULTEC-INC.COM) did confirm that they too were
experiencing the same problem and said that Symantec claimed it was an
incompatibility with RAS. According to him, Symantec said to remove RAS.
Ralph did, and the problem seemed to be solved, although not ideally.

(Anthony_Garcia@enron.com) pointed out that he couldn't reproduce the
problem with PC Anywhere on Win95.

Cheers,
Russ - NTBugtraq moderator

From: Bill Sobel (bsobel@vipmail.com>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Date: Tue, 22 Sep 1998 19:15:19 -0700
Subject: PC Anywhere denial of service update

Just an update on the status of this, we have attempted to reproduce this
inhouse without success (with and without RAS).  The developer assigned has
contacted the original poster directly for more information and we hope that
will allow us to finally reproduce it (in our tests connecting with a telnet
or other client to the port and disconnecting, even after sending invalid
data, did not cause the reported crash).

As soon as I know more I'll pass it along.

Bill Sobel
Symantec


=-=-=-=-=

From: Russ (Russ.Cooper@RC.ON.CA)
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Date: Thu, 24 Sep 1998 06:24:05 -0400
Subject: Re: PC Anywhere denial of service update

Moderators Note:

Here's some more information Bill.

Numerous people have now confirmed that repeated attempts to telnet
cause the crash. They have all said that nothing happened after a single
telnet session, it only crashes after 2nd or sometimes the 3rd telnet
session.

In itself this seems disturbing, what would be carried forward from one
session to the next?

Another person noted that a Unix Strobe followed by a connect on port
5631 caused it to crash.

Also note that removing RAS from pcAnywhere machines *IS NOT* an
option...;-]...but that goes without saying.

Cheers,
Russ - NTBugtraq moderator