Reported
January 5, 2004 by Donato Ferrante.
VERSIONS
AFFECTED
GoodTech Systems Telnet
Server 4.0.103
DESCRIPTION
GoodTech Systems Telnet Server 4.0.103
contains a Denial of Service (DoS) vulnerability. By sending an overly long
string as input to the vulnerable server, an attacker can cause the server to
stop responding.
To
test the vulnerability, simply send a long string to the Telnet server, perl
-e 'print "a"x8245' | nc server 23
VENDOR
RESPONSE
CREDIT
Discovered by
Donato Ferrante.
DEMONSTRATION
The discoverer posted the following demonstration as proof of concept:
Alternatively, a string like :
aaaa\[..a..\]aa ( 8245 of a )GoodTech Systems has released version 4.0.104, which isn't vulnerable to this condition.
Denial of Service in GoodTech Systems Telnet Server for Windows
0 comments
Hide comments