{"vuid":"VU#170905","idnumber":"170905","name":"DameWare Mini Remote Control vulnerable to buffer overflow via specially crafted authentication requests","keywords":["Dameware","buffer overflow","username","lstrcpyA","port 6129","DameWare Mini Remote Control","specially crafted packets","DameWare Mini Remote Control Server"],"overview":"A vulnerability in DameWare Mini Remote Control may permit an unauthenticated attacker to execute arbitrary code on the system.","clean_desc":"DameWare Mini Remote Control is a lightweight remote control program intended primarily for administrators and help desks to manage desktop systems. A buffer overflow vulnerability has been discovered in versions of DameWare Mini Remote Control prior to 4.9.0. A remote attacker can send a specially crafted packet to the DameWare Mini Remote Control (default port 6129/TCP) to mimic a client and exploit this vulnerability. Since the buffer overflow occurs in a section of the code used to handle authentication, a remote unauthenticated attacker can execute arbitrary code on a system. The CERT/CC has seen reports of active exploitation of a similar vulnerability, CERT VU#909678.","impact":"A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code.","resolution":"Apply an update\nThis issue is addressed in version 4.9.0 (alternate link).","workarounds":"Workarounds and mitigation\nBlock access to the DameWare Mini Remote Control Service port (default 6129/TCP) at the network perimeter. This will not mitigate attacks from within the firewall perimeter, but may mitigate attacks from outside your network.","sysaffected":"","thanks":"Thanks to AD for reporting this vulnerability.","author":"This document was written by Ken MacInnis.","public":["http://www.dameware.com","http://www.dameware.co.uk","http://www.frsirt.com/english/advisories/2005/1596","http://www.frsirt.com/exploits/20050831.dameware.c.php","http://secunia.com/advisories/16655/","http://sh0dan.org/files/dwmrcs372.txt","http://www.secunia.com/advisories/10439/","http://www.securityfocus.com/bid/14707","http://securitytracker.com/alerts/2005/Aug/1014830.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-09-01T13:20:53Z","publicdate":"2005-08-31T00:00:00Z","datefirstpublished":"2005-09-07T15:15:03Z","dateupdated":"2005-09-07T20:04:32Z","revision":10,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"7","cam_internetinfrastructure":"10","cam_population":"10","cam_impact":"18","cam_easeofexploitation":"10","cam_attackeraccessrequired":"15","cam_scorecurrent":"18.73125","cam_scorecurrentwidelyknown":"18.73125","cam_scorecurrentwidelyknownexploited":"25.3125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":18.73125,"vulnote":null}