Vulnerability Note VU#170905
DameWare Mini Remote Control vulnerable to buffer overflow via specially crafted authentication requests
A vulnerability in DameWare Mini Remote Control may permit an unauthenticated attacker to execute arbitrary code on the system.
DameWare Mini Remote Control is a lightweight remote control program intended primarily for administrators and help desks to manage desktop systems.
A buffer overflow vulnerability has been discovered in versions of DameWare Mini Remote Control prior to 4.9.0. A remote attacker can send a specially crafted packet to the DameWare Mini Remote Control (default port 6129/TCP) to mimic a client and exploit this vulnerability. Since the buffer overflow occurs in a section of the code used to handle authentication, a remote unauthenticated attacker can execute arbitrary code on a system.
The CERT/CC has seen reports of active exploitation of a similar vulnerability, CERT VU#909678.
A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code.
Workarounds and mitigation
Block access to the DameWare Mini Remote Control Service port (default 6129/TCP) at the network perimeter. This will not mitigate attacks from within the firewall perimeter, but may mitigate attacks from outside your network.
If you are a vendor and your product is affected, let
|Vendor||Status||Date Notified||Date Updated|
|DameWare||Affected||07 Sep 2005||07 Sep 2005|
Thanks to AD for reporting this vulnerability.
This document was written by Ken MacInnis.
31 Aug 2005
Date First Published:
07 Sep 2005
Date Last Updated:
07 Sep 2005
If you have feedback, comments, or additional information about this vulnerability, please send us email.