COMMAND

    Remote Desktop

SYSTEMS AFFECTED

    Win95/95/ME running Mcafee Remote Desktop 3.0 and below

PROBLEM

    'altomo' found following.  It  is possible for remote attacker  to
    crash Remote Desktop session -  in some cases crashing the  remote
    desktop agent.

    Remote desktop agent listens on ports  5044 and 5045.  5044 is  to
    send  data  and  5045  is  to  receive  data.   After a session is
    started a 3rd system can be used to send data to port 5045 of  the
    agent and crash the session.  The agent will then not respond  for
    roughly a minute, and in some cases not respond until restarted.

    To recreate this simply use netcat  and send lots of data to  port
    5045 on the client system.

SOLUTION

    Don't use Remote Desktop  on public infrastructure.   Filter where
    ever possible.