Bugtraq mailing list archives
Re: Local / Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for WinNT Vulnerability
From: emyers () PRAGMASYS COM (Edith Myers)
Date: Fri, 25 Feb 2000 16:41:37 -0600
There is a FIX for InterAccess TelnetD Server 4.0 on Pragma Systems Web site www.pragmasys.com/TelnetD In the left frame select "Get the latest version of InterAccess TelnetD Product" and download the latest version (if you are a current user) or "Download InterAccess TelnetD Trial" If you download this, then you should not encounter the problem. At 06:37 PM 02/24/2000 -0300, you wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Local/Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for Windows95/98/WinNT Vulnerability USSR Advisory Code: USSR-2000034 Release Date: February 24 2000 Systems Affected: InterAccess TelnetD Server 4.0 for WinNT and others versions. InterAccess TelnetD Server 4.0 for Windows95/98 and others versions. InterAccess TelnetD Server 4.0 build 4 for WiNT InterAccess TelnetD Server 4.0 build 5 for WiNT InterAccess TelnetD Server 4.0 build 6 for WiNT InterAccess TelnetD Server 4.0 build 7 for WiNT (Release 4.0 Build Jan 5 2000) InterAccess TelnetD Server 4.0 for Windows95/98 Build 3 InterAccess TelnetD Server 4.0 for Windows95/98 Build (Release 4.0 Build Jan 6 2000) THE PROBLEM UssrLabs found a Local / Remote DOS Attack, The code that handles the Terminal client configurations to the Telnet server in the connection procedure, has an unchecked size that cause the TelnetD Service Crash. Binary or source for this D.O.S: http://www.ussrback.com/telnetd/dostelnetd.exe (binary) http://www.ussrback.com/telnetd/dostelnetd.zip (Source) Vendor Status: We show to the vendor the d.o.s Problem and the vendor think we pinging to the machine, so, that is like Vendor not contacted :) Vendor Url: http://www.pragmasys.com/ Program Url: http://www.pragmasys.com/TelnetD/ Program Url: http://www.pragmasys.com/Telnet95/ Credit: USSRLABS SOLUTION Contact Pragma Systems. NOTE: We try help pragma people to show their program is vulnerable to D.o.S attack, and the only responce of pragma was "STOP PING SERVER", so we decide release the advisory. Greetings: Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, HNN, Technotronic and Wiretrip. u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h http://www.ussrback.com -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com> iQA/AwUBOLWkh9ybEYfHhkiVEQLYSQCgiEwqVMHpZ1ei8by8nRRcE59JrvEAnAut 10nFeo5iNnCUai5QG/uQ43Et =Smt3 -----END PGP SIGNATURE-----
Director of Marketing & Operations Tel: 512-219-7270 Pragma Systems, Inc. Fax: 512-219-7110 http://www.pragmasys.com ^ ^ ^ ^ ^ ^ O O === _|_ ===
Current thread:
- Local / Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for WinNT Vulnerability Ussr Labs (Feb 24)
- Re: Local / Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for WinNT Vulnerability Edith Myers (Feb 25)
