Overview
A vulnerability in DameWare Mini Remote Control may permit an unauthenticated attacker to execute arbitrary code on the system.
Description
DameWare Mini Remote Control is a lightweight remote control program intended primarily for administrators and help desks to manage desktop systems. A buffer overflow vulnerability has been discovered in versions of DameWare Mini Remote Control prior to 4.9.0. A remote attacker can send a specially crafted packet to the DameWare Mini Remote Control (default port 6129/TCP) to mimic a client and exploit this vulnerability. Since the buffer overflow occurs in a section of the code used to handle authentication, a remote unauthenticated attacker can execute arbitrary code on a system. |
Impact
A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code. |
Solution
Apply an update |
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.dameware.com
- http://www.dameware.co.uk
- http://www.frsirt.com/english/advisories/2005/1596
- http://www.frsirt.com/exploits/20050831.dameware.c.php
- http://secunia.com/advisories/16655/
- http://sh0dan.org/files/dwmrcs372.txt
- http://www.secunia.com/advisories/10439/
- http://www.securityfocus.com/bid/14707
- http://securitytracker.com/alerts/2005/Aug/1014830.html
Acknowledgements
Thanks to AD for reporting this vulnerability.
This document was written by Ken MacInnis.
Other Information
| CVE IDs: | None |
| Severity Metric: | 18.73 |
| Date Public: | 2005-08-31 |
| Date First Published: | 2005-09-07 |
| Date Last Updated: | 2005-09-07 20:04 UTC |
| Document Revision: | 10 |