[Dshield] Holiday Announcement

Chuck Lewis clewis at iquest.net
Fri Dec 26 16:06:57 GMT 2003


Yep - I would hope that anyone using a utility like this is several steps
above a regular user and would keep things up to date as that exploit hits
older versions. It is an INCREDIBLE utility.

Here is what I got back from Tech Support just now:

=========================================================================='
"Possible" affected versions would be anything prior to version 3.73.0.0.
 
At this time, there are no known security issues in version 3.73.0.0 or
version 4.0 of the DameWare NT Utilities and DameWare Mini Remote Control
programs. There was a "possible" Buffer Overflow issue in older versions of
the Mini Remote Client Agent Service that was recently brought to our
attention. Although we could not duplicate the "Buffer Overflow" issue, we
were able to successfully crash the Client Agent Service and therefore we
immediately resolved this issue with the release of version 3.73.0.0, which
can be downloaded from our website at http://www.dameware.com/download.
=========================================================================='

Chuck

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Johannes B. Ullrich
Sent: Friday, December 26, 2003 9:50 AM
To: General DShield Discussion List
Subject: RE: [Dshield] Holiday Announcement


> http://www.dameware.com/reference/

:-(... lets hope they are patched. I guess I figured that since
I haven't heard of it before, it wasn't used much. 

Regarding the exploit, see:

http://www.k-otik.com/exploits/08.13.nfm-shatterdame.c.php



-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 786 1563            
  fax: (617) 786 1550                          jullrich at sans.org





More information about the list mailing list