Remote DoS Attack in BFTelnet Server v1.1 for Windows NT

From: Ussr Labs (labsat_private)
Date: Thu Nov 04 1999 - 00:10:32 PST

Next message: Kerb: "More Alibaba Web Server problems..."

Previous message: Tellier, Brock: "hylafax-4.0.2 local exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Remote DoS Attack in BFTelnet Server v1.1 for Windows NT

PROBLEM

UssrLabs found a Remote DoS Attack in BFTelnet Server v1.1 for Windows NT,
the buffer overflow is caused by a long user name 3090 characters.
If BFTelnet Server is running as a service the service will exit and no
messages
are displayed on the screen.

There is not much to expand on.... just a simple hole


Example:

palometa@hellme]$ telnet example.com
        Trying example.com...
        Connected to example.com.
        Escape character is '^]'.
	Byte Fusion Telnet, Copyright 1999 Byte Fusion Corporation
	Unregistered Evaluation. See www.bytefusion.com/telnet.html
	(Machine name) Login: [buffer]


Where [buffer] is aprox. 3090 characters. At his point the telnet server
close.

Vendor Status:
Contacted

Vendor   Url: www.bytefusion.com
Program Url: www.bytefusion.com/telnet.html

Credit: USSRLABS

SOLUTION

    Nothing yet.

Next message: Kerb: "More Alibaba Web Server problems..."
Previous message: Tellier, Brock: "hylafax-4.0.2 local exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:09:36 PDT