
| Subject: | [NEWS] Neslo Desktop Rover Remote DoS |
|---|---|
| Date: | 21 Apr 2005 16:12:23 +0200 |
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

Neslo Desktop Rover Remote DoS
------------------------------------------------------------------------

SUMMARY

Desktop Rover (<http://www.nelsosoftware.com>) is "a software application for Microsoft Windows that provides the features of a hardware KVM (Keyboard, Video, Mouse)". Desktop Rover is vulnerable to a denial of service (DoS). A remote attacker could send a specially crafted packet that triggers an invalid memory access and crashes the application, resulting in a denial of service.

DETAILS

Vulnerable Systems:
 * Neslo Desktop Rover version 3.0

Immune Systems:
 * Neslo Desktop Rover version 3.1

By default, Desktop Rover listens on port 61427/TCP. It also conveniently opens up this port in the Windows XP personal firewall.

The following is an example packet that will cause a denial of service. There are more variations, but this one will suffice as an example.

    20:23:48.778009 192.168.28.133.32771 > 192.168.28.129.61427: P [tcp sum ok] 1:13(12) ack 1 win 5840 (DF) (ttl 64, id 24051, len 64)
    4500 0040 5df3 4000 4006 226e c0a8 1c85
    c0a8 1c81 8003 eff3 90a8 d150 7cda 8afa
    8018 16d0 daab 0000 0101 080a 0000 8cbe
    0000 0000 6352 0100 0000 0000 0000 0000

Solution:
The vendor is releasing a fix in version 3.1 soon which will address the vulnerability. Until then, restricting access to the Desktop Rover ports will reduce the risk of this vulnerability being exploited.

Disclosure Timeline:
4.14.2005 - Initial vendor contact by e-mail
4.15.2005 - Initial vendor response. Vendor addressed vulnerability. Fix confirmed by EvilPacket Security Research
4.19.2005 - Advisory released

ADDITIONAL INFORMATION

The information has been provided by Adam Baldwin <mailto:evilpacket@gmail.com>.
The original article can be found at: <http://www.evilpacket.net/advisories/EP-000-0003.html>
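
For analysts reading the capture in the advisory above, the following added example (not part of the original advisory or the vendor's code) decodes the quoted hex words as an IPv4/TCP packet, cross-checks the fields against the tcpdump summary line, and separates the application-layer bytes from the headers. The function and variable names are illustrative assumptions; the hex is copied from the advisory.

```python
# Added example: decode the tcpdump -x bytes quoted in the advisory.
import socket
import struct

# Hex words copied from the advisory's packet dump (64 bytes, IPv4 header onward).
DUMP = """
4500 0040 5df3 4000 4006 226e c0a8 1c85
c0a8 1c81 8003 eff3 90a8 d150 7cda 8afa
8018 16d0 daab 0000 0101 080a 0000 8cbe
0000 0000 6352 0100 0000 0000 0000 0000
"""

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum; 0xFFFF over a header means its checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def decode(dump: str) -> dict:
    """Parse the IPv4 and TCP headers and return the fields tcpdump summarised."""
    raw = bytes.fromhex("".join(dump.split()))
    ver_ihl, _tos, total_len, ident, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4            # IP header length in bytes
    if total_len > len(raw) or ihl < 20:
        raise ValueError("truncated or malformed IP header")
    sport, dport, _seq, _ack, off_flags, window = struct.unpack("!HHIIHH", raw[ihl:ihl + 16])
    tcp_hlen = (off_flags >> 12) * 4      # TCP data offset, options included
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "sport": sport, "dport": dport, "ttl": ttl, "id": ident,
        "len": total_len, "window": window,
        "psh_ack": off_flags & 0x3F == 0x18,
        "ip_checksum_ok": ones_complement_sum(raw[:ihl]) == 0xFFFF,
        "payload": raw[ihl + tcp_hlen:total_len],
    }

if __name__ == "__main__":
    for key, value in decode(DUMP).items():
        print(f"{key:15} {value.hex(' ') if isinstance(value, bytes) else value}")
```

The 32-byte TCP header includes 12 bytes of options (two NOPs and a timestamp), so the application data is only the last 12 bytes of the dump, matching the `1:13(12)` in the summary line.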