---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Double-Take for Windows Information Disclosure and Denial of Service SECUNIA ADVISORY ID: SA29075 VERIFY ADVISORY: http://secunia.com/advisories/29075/ CRITICAL: Less critical IMPACT: Exposure of system information, DoS WHERE: >From local network SOFTWARE: Double-Take for Windows 4.x http://secunia.com/product/15961/ Double-Take for Windows 5.x http://secunia.com/product/17754/ DESCRIPTION: Luigi Auriemma has reported some vulnerabilities in Double-Take for Windows, which can be exploited by malicious people to disclose system information and cause a DoS (Denial of Service) 1) Errors in the Double-Take service can be exploited to e.g. cause the service to crash or consume large amounts of CPU resources by sending specially crafted packets to the service. 2) It is possible to disclose certain system information e.g. OS, program path, ethernet adapters, partitions and file system type, printer driver, and latest log entries by sending specially crafted packets to the service. The vulnerabilities are reported in version 5.0.0.2865 and in all versions of the 4.5 branch. Other versions may also be affected. SOLUTION: Use in a trusted network environment only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/doubletakedown-adv.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------