Home page logo

bugtraq logo Bugtraq mailing list archives

Pragma Systems response to USSRLabs report
From: labs () USSRBACK COM (Ussr Labs)
Date: Wed, 23 Feb 2000 17:50:50 -0300

Hash: SHA1

Pragma Systems response to USSRLabs report

On February 22, 2000, Pragma Systems received an anonymous email
regarding a security issue reported to NT Security News, hosted by
Windows 2000 magazine, with our InterAccess TelnetD Server 4.0 for
NT. We took immediate action to determine if a problem existed. After
researching the report and the company reporting the issue, USSRLabs,
we have determined that a possible problem could exist.

We have been unable to duplicate the problem with the January 5, 2000
Build 7 release available from our site. We have tested our server
installed on NT4 SP5, Windows 2000 Build 2128, and NT4 SP 6a. From
the USSRLabs website, we have discovered that they tested with Build
4, build date of May 4, 1998, and did not complete the testing with
the latest version to determine if the problem had been fixed. Please
note, that this company did report the problem as occuring with a
build nearly 2 years old. We do not have any information about what
type of system USSRLabs did their testing on.

The reported problem results in a 100% CPU usage. From our experience
this is caused by a Winsock error during a recv() call. It is
possible that this error would only occur on systems running the
Service packs with winsock updates. Pragma Systems has requested
testing procedures from USSRLabs to verify if a service pack update
was attempted to solve the problem. At this time, we have little
information about how this result was produced.

Solutions to this problem are to update service packs and InterAccess
TelnetD Server 4.0 to the latest build.

For any further information on our testing and available updates,
contact Beth Henry, Software Project Lead, at bethlh () pragmasys com 

Thank you for taking the time to research this issue for yourself.

Pragma Systems, Inc.
13706 Research Blvd, #301
Austin, TX 78750
(512) 219-7270
pragma () pragmasys com

from http://www.pragmasys.com/USSR_response.htm
- ----------------------------------------------------------------------
- ----------------------------------------------------

Appear the people of Pragma Systems, no undertand what is the real
problem, the exploit (from us), made 100% usage, there are no
problems in winsock or services pack.

The program TelnetD have the problem in the implementation of the
recv , who have a unchecked buffer, who cause a buffer overflow.

u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c

Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]