Local / Remote Exploitable Buffer Overflow Vulnerability in

From: Ussr Labs (labsat_private)
Date: Sun Feb 20 2000 - 20:41:10 PST

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    Local / Remote Exploitable Buffer Overflow Vulnerability in
    InterAccess TelnetD Server 4.0 for Windows NT
    
    USSR Advisory Code:   USSR-2000033
    
    Release Date:
    February 22, 2000
    
    Systems Affected:
    InterAccess TelnetD Server 4.0 for Windows NT and possibly other
    versions.
    
    THE PROBLEM
    
    UssrLabs found a local / remote buffer overflow. The code that
    handles the login commands in the telnet session has an unchecked
    buffer that will allow arbitrary code to be executed if it is
    overflowed.
    
    
    Example:
    [hellme@die-communitech.net$ telnet example.com
    Trying example.com...
    Connected to example.com.
    Escape character is '^]'.
    
    InterAccess TelnetD Server (30 Day Trial Version)
    Release 4.0
    Copyright (C) 1994-1999 by Pragma Systems, Inc.
    All rights reserved.
    
    This copy will expire on Tue Mar 21 21:55:14 2000
    
    login name:  (buffer)
    
    Where (buffer) is approx. 300 characters.
    
    Binary or source for this Exploit:
    
    http://www.ussrback.com/
    
    Exploit: the exploit lags the machine until 100% CPU time
    
    Vendor Status:
    I emailed the vendor 4 times, and I don't have any response :(
    
    Vendor   Url: http://www.pragmasys.com/
    Program Url: http://www.pragmasys.com/TelnetD/
    
    Credit: USSRLABS
    
    SOLUTION
     Nothing yet.
    
    Greetings:
    Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, HNN, Technotronic and
    Wiretrip.
    
    u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
    http://www.ussrback.com
    
    
    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
    
    iQA/AwUBOLDB5dybEYfHhkiVEQJtMQCfYvxwNCbYTsYcpKhJa0MWZiMYQ+0AoJ8k
    Y9lyditOWEpG2QdrFjr2RMpD
    =1frN
    -----END PGP SIGNATURE-----
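
The advisory attributes the flaw to an unchecked buffer in the login-name handler. The following is an added example, not code from the advisory or from the vendor: a length-checked login-line reader in C that rejects overlong input. The function name `read_login_name` and the limit `LOGIN_MAX` are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

#define LOGIN_MAX 64  /* assumed limit; the advisory does not give the real buffer size */

/* Unchecked pattern of the kind the advisory describes (hypothetical, not
 * the vendor's code): the copy length is set by the peer, not the buffer.
 *
 *     char name[LOGIN_MAX];
 *     strcpy(name, line_from_socket);
 */

/* Hardened form: copy one login line from `in` (in_len bytes as received)
 * into `out` (out_cap bytes). Returns the name length, or -1 if the line is
 * unterminated, empty, too long for `out`, or contains non-printable bytes.
 * Overlong input is rejected, never truncated into a different valid name. */
int read_login_name(const char *in, size_t in_len, char *out, size_t out_cap)
{
    const char *eol;
    size_t n, i;

    if (in == NULL || out == NULL || out_cap == 0)
        return -1;
    out[0] = '\0';                           /* out is empty on every failure path */

    eol = memchr(in, '\n', in_len);          /* bounded search for end of line */
    if (eol == NULL)
        return -1;                           /* no terminator within in_len */
    n = (size_t)(eol - in);
    if (n > 0 && in[n - 1] == '\r')          /* telnet lines end in CR LF */
        n--;
    if (n == 0 || n >= out_cap)
        return -1;                           /* empty, or would not fit with NUL */

    for (i = 0; i < n; i++)
        if ((unsigned char)in[i] < 0x20 || (unsigned char)in[i] > 0x7e)
            return -1;                       /* control or 8-bit byte in name */

    memcpy(out, in, n);                      /* n < out_cap was checked above */
    out[n] = '\0';
    return (int)n;
}
```

Rejecting the line outright, rather than truncating it, also gives the server a clean event to log when a client sends a login name far beyond the expected length.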
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:36:25 PDT