Tested on ver 4.11 of IBM Director. NOT Vulnerable. Suggest upgrade to ver. 4.11. Version 3.1 does NOT run on Windows 2003. FYI >>> "Juanma Merino" <t3k@ibernet.com> 4/5/2004 1:28:14 PM >>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Security Advisory by Juanma Merino Remote DoS on IBM Director 3.1 Agent for Windows Reported to esCERT UPC on: May 2003 (no response) Vendor contacted on: March 1, 2004 (no response) Vendor: IBM (www.ibm.com) Systems Affected: IBM Director 3.1 Agent for Windows - Windows 2000 professional SP3, SP4 - Windows NT4 SP6a - Other Windows flavours not tested but probably affected too. Description: When running Amap (www.thc.org) in order to discover what protocol is running on TCP port 14247, IBM Director Agent for Windows crashes. On the Window System Event Log two events shows the crash. Restart services is needed in order to recover functionality. Detailed advisory is publish on: http://t3k.ibernet.com//Director31ad.html Note: I have no answer from IBM. I don't know if they've send my email to the trash or if they are working on it. So I've decided to post the vulnerability. If someone with greater skills wants to take a look contact me so I have more information regarding this vulnerability. E-mail: jmmerino[at]jazzfree.com - ---------------------------------------------------------------- Juanma Merino http://t3k.ibernet.com - ----------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6-2 (MingW32) - WinPT 0.5.5 iD8DBQFAcaQzlwxPI76KvK0RAjTbAKCZn4DosO+zBXnvbTY2GJwkgrVL2gCcD+/1 Ad5360qnOKGaVOVY1h/F184= =DLpP -----END PGP SIGNATURE-----