Bugtraq mailing list archives

advisory for Pragma Interaccess

From: neme-dhc () hushmail com
Date: Wed, 6 Jun 2001 20:49:48 -0500 (EDT)

 [ Advisory for Pragma InterAccess                 ]
 [ Pragma InterAccess is made by Pragma Systems    ]
 [ Site: http://www.pragmasys.com                  ]
 [ by nemesystm of the DHC                         ]
 [ (http://dhcorp.cjb.net - neme-dhc () hushmail com) ]
 [ ADV-0119                                        ]

/-|=[explanation]=|-\
Pragma InterAccess provides daemons like telnet, 
rexecd and rshd for the Windows environment. It is
vulnerable to a denial of service.

/-|=[who is vulnerable]=|-\
Pragma InterAccess Release 4.0 Build 5
has been tested and was vulnerable. Prior versions
are assumed to be vulnerable as well.

/-|=[testing it]=|-\
Sending a burst of characters with a length of 
15000 to port 23 Interaccess will crash with:
Telnet95 has caused an error to occur in 
telnet95.exe

I have made a perl script that exploits this. It is
in the advisory that is available on the DHC site.
http://www.emc2k.com/dhcorp/homebrew/pragma.zip

/-|=[fix]=|-\
Install Pragma InterAccess Release 4.0 Build 6.
Free, encrypted, secure Web-based email at www.hushmail.com

Current thread:

advisory for Pragma Interaccess neme-dhc (Jun 07)