03-26-2003, 11:30 PM
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
Security Flaw In ActiveSync
http://www.securityfocus.com/bid/7150/discussion/
"A problem with ActiveSync could make it possible for remote users to trigger a denial of service. It has been reported that under some circumstances, the ActiveSync wcescomm service can be forced to crash. Due to improper handling of some requests, the wcescomm process becomes unstable. This can result in the process crashing, requiring a manual restart to resume service."
As if AS needed help crashing. Gory details here.
Could be worse. Anyone get a copy of "Microsoft Security Bulletin MS03-010: Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks (331953)" in their email today? I loved this line:
Quote: Although Windows NT 4.0 is affected by this vulnerability, Microsoft is unable to provide a patch for this vulnerability for Windows NT 4.0. The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability. :lol:
03-26-2003, 11:57 PM
Pontificator
Join Date: Aug 2003
Posts: 1,185
Isn't that special? What's next? Any word on this applying to AS 3.6?
I guess we don't need to start another "AS sucks" thread, but this sure does make one think about that.
03-27-2003, 12:21 AM
Sage
Join Date: Mar 2004
Posts: 717
....like I needed more reasons to hate this software! :devilboy:
03-27-2003, 12:35 AM
Executive Editor
Join Date: Aug 2006
Posts: 29,160
<shrug> If you don't have a firewall on your PC, someone crashing ActiveSync is the LEAST of your worries. :roll:
03-27-2003, 12:37 AM
Editor Emeritus
Join Date: Aug 2006
Posts: 15,171
Quote:
Originally Posted by Jason Dunn
<shrug> If you don't have a firewall on your PC, someone crashing ActiveSync is the LEAST of your worries. :roll:
|
Not necessarily true. My research machine doesn't have a firewall - it would mess with a lot of my work, and I've never gotten hacked - it's just locked down properly. The AS problem is quite an annoying situation, but can't you turn off ActiveSync-over-network to solve the problem? Anyone know?
(Update: no, a "netstat -na" still shows ActiveSync running port 5679 even when the Sync over Network option is running. Aargh. I'll have to firewall that single port if MS doesn't patch it. :evil:)
--janak
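The check described in the post above, written out as an added example (not part of the original thread): it parses `netstat -na` output and reports whether TCP port 5679 is listening on an address other hosts can reach, which is the case where a host firewall rule for that single port is warranted. The sample output and the function names are constructed for illustration.

```python
import re

ACTIVESYNC_PORT = 5679  # port reported in the post above

# Constructed sample of Windows `netstat -na` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5679           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3012      192.168.1.5:5679       ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|\[::1\])$")

def listeners(netstat_text, port):
    """Return [(local_addr, exposure)] for TCP sockets LISTENING on `port`."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue  # headers, blank lines, UDP rows (no state column)
        if fields[3].upper() not in ("LISTENING", "LISTEN"):
            continue  # outbound/established connections are not listeners
        addr, _, local_port = fields[1].rpartition(":")
        if not local_port.isdigit() or int(local_port) != port:
            continue
        if LOOPBACK.match(addr):
            exposure = "loopback-only"
        elif addr in ("0.0.0.0", "[::]", "*"):
            exposure = "all-interfaces"
        else:
            exposure = "single-interface"
        found.append((addr, exposure))
    return found

def needs_firewall_rule(netstat_text, port=ACTIVESYNC_PORT):
    """True if `port` is listening on any address other than loopback."""
    return any(exp != "loopback-only" for _, exp in listeners(netstat_text, port))

if __name__ == "__main__":
    for addr, exposure in listeners(SAMPLE_NETSTAT, ACTIVESYNC_PORT):
        print(f"{addr}:{ACTIVESYNC_PORT} {exposure}")
    print("block inbound TCP", ACTIVESYNC_PORT, "->", needs_firewall_rule(SAMPLE_NETSTAT))
```

To run it against a live host, feed the saved output of `netstat -na` to `listeners()` in place of the constructed sample.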
03-27-2003, 12:40 AM
Intellectual
Join Date: Aug 2006
Posts: 251
Is anyone really surprised about another Microsoft security leak? :roll:
03-27-2003, 12:47 AM
Editor Emeritus
Join Date: Aug 2006
Posts: 15,171
Just for fun: disconnect your Pocket PC, keep your ActiveSync window open, and try telnetting to 127.0.0.1 (localhost), port 5679.
It's obvious that ActiveSync is evolved from older (friendlier) days, so this DoS vulnerability is not all that surprising to me. A lot of older code wasn't really designed to be Internet-safe, like the old WinCE Services stuff, a lot of which is still in AS.
Let's just hope MS releases 3.7 soon.
--janak
03-27-2003, 01:04 AM
Intellectual
Join Date: Aug 2002
Posts: 124
Quote:
Originally Posted by Janak Parekh
Let's just hope MS releases 3.7 soon.
|
3.7? They should do a major re-write and start from scratch. In fact, it shouldn't even bear the former name... Who wants memories of AS?
I therefore submit this new name to MS: "Working Sync v1.0". Hopefully MS can develop something that might live up to its name!
Joe...
03-27-2003, 01:18 AM
Pontificator
Join Date: Aug 2003
Posts: 1,185
Quote:
Originally Posted by Janak Parekh
Let's just hope MS releases 3.7 soon.
--janak
|
Janak- are you using AS 3.6 or 3.5? If 3.6, does this errata apply?
03-27-2003, 01:29 AM
Pontificator
Join Date: Mar 2002
Posts: 1,329
Quote:
Originally Posted by Jason Dunn
<shrug> If you don't have a firewall on your PC, someone crashing ActiveSync is the LEAST of your worries. :roll:
|
How many business PCs have firewalls on them? Most depend on firewalls on the outskirts of the LAN/WAN where they access the internet. How many computers are out there in the enterprise environment that have activestink installed without a firewall?
This software is @$$. Active Stink Sucks.
Welcome to trustworthy computing. :|