| VID |
23139 |
| Severity |
40 |
| Port |
3129 |
| Protocol |
TCP |
| Class |
BackDoor |
| Detailed Description |
The DameWare Mini Remote Control, according to its version number, has a buffer overflow vulnerability in the username field. DameWare Mini Remote Control is a lightweight remote control program intended primarily for administrators and help desks for quick and easy deployment without external dependencies and machine reboot. DameWare Mini Remote Control versions 4.x prior to 4.9.0.0 are vulnerable to a buffer overflow vulnerability in the username field. Since the buffer overflow occurs in a section of the code used to handle authentication, by sending a specially crafted packet to the vulnerable server (default port 6129/TCP), a remote unauthenticated attacker can execute arbitrary code on the system.
* References:
http://archives.neohapsis.com/archives/fulldisclosure/2005-08/1074.html
* Platforms Affected:
DameWare Mini Remote Control versions 4.x prior to 4.9.0.0
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of DameWare (4.9.0.0 or later), available from the DameWare Products Web site at at http://www.dameware.co.uk/ |
| Related URL |
CVE-2005-2842 (CVE) |
| Related URL |
14707 (SecurityFocus) |
| Related URL |
22087 (ISS) |
|
