TelnetD Subject to DoS

 
TelnetD Subject to Buffer Overflow and DoS

Reported February 25, 2000 by USSRLabs

VERSIONS AFFECTED
InterAccess TelnetD Server Release 4, all builds

DESCRIPTION

UssrLabs found a bug in the code that handles the client connection procedure. This particular set of code has an unchecked buffer that can cause the TelnetD service crash, which leads to a denial of service attack.

DEMONSTRATION

http://www.ussrback.com/telnetd/dostelnetd.exe (binary)
http://www.ussrback.com/telnetd/dostelnetd.zip (source)

VENDOR RESPONSE

Pragma Systems reported that they have issued patch for TelnetD that corrects this matter.

CREDITS
Discovered by USSRLabs

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish