There is a FIX for InterAccess TelnetD Server 4.0 on Pragma Systems Web site
www.pragmasys.com/TelnetD

In the left frame select "Get the latest version of InterAccess TelnetD Product"
and download the latest version (if you are a current user) or
"Download InterAccess TelnetD Trial"

If you download this, then you should not encounter the problem.

At 06:37 PM 02/24/2000 -0300, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Local/Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0
>*ALL BUILDS* for Windows95/98/WinNT Vulnerability
>
>USSR Advisory Code: USSR-2000034
>
>Release Date:
>February 24 2000
>
>Systems Affected:
>InterAccess TelnetD Server 4.0 for WinNT and other versions.
>InterAccess TelnetD Server 4.0 for Windows95/98 and other versions.
>InterAccess TelnetD Server 4.0 build 4 for WinNT
>InterAccess TelnetD Server 4.0 build 5 for WinNT
>InterAccess TelnetD Server 4.0 build 6 for WinNT
>InterAccess TelnetD Server 4.0 build 7 for WinNT (Release 4.0 Build
>Jan 5 2000)
>InterAccess TelnetD Server 4.0 for Windows95/98 Build 3
>InterAccess TelnetD Server 4.0 for Windows95/98 Build (Release 4.0
>Build Jan 6 2000)
>
>
>THE PROBLEM
>
>UssrLabs found a Local / Remote DOS Attack. The code that handles the
>Terminal client configurations to the
>Telnet server in the connection procedure has an unchecked size that
>causes the TelnetD Service Crash.
>
>Binary or source for this D.O.S:
>http://www.ussrback.com/telnetd/dostelnetd.exe (binary)
>http://www.ussrback.com/telnetd/dostelnetd.zip (Source)
>
>Vendor Status:
>We showed the vendor the d.o.s Problem and the vendor thinks we are
>pinging the machine, so,
>that is like Vendor not contacted :)
>
>Vendor Url: http://www.pragmasys.com/
>Program Url: http://www.pragmasys.com/TelnetD/
>Program Url: http://www.pragmasys.com/Telnet95/
>
>Credit: USSRLABS
>
>SOLUTION
>Contact Pragma Systems.
>
>
>NOTE:
>We tried to help pragma people by showing their program is vulnerable to
>D.o.S attack, and the only response of
>pragma was "STOP PING SERVER", so we decided to release the advisory.
>
>
>Greetings:
>Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, HNN, Technotronic and
>Wiretrip.
>
>u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
>http://www.ussrback.com
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
>
>iQA/AwUBOLWkh9ybEYfHhkiVEQLYSQCgiEwqVMHpZ1ei8by8nRRcE59JrvEAnAut
>10nFeo5iNnCUai5QG/uQ43Et
>=Smt3
>-----END PGP SIGNATURE-----
>

Director of Marketing & Operations      Tel: 512-219-7270
Pragma Systems, Inc.                    Fax: 512-219-7110
http://www.pragmasys.com
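
The quoted advisory attributes the crash to an unchecked size in the code that handles the client's terminal configuration during connection setup. The following is an added example, not code from the advisory or from Pragma Systems, of a length-checked parser for that kind of input. It assumes the configuration arrives as a Telnet TERMINAL-TYPE subnegotiation (RFC 1091), which the advisory does not specify; `parse_ttype` and `TTYPE_MAX` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Telnet protocol bytes (RFC 854, RFC 1091). */
enum { IAC = 255, SB = 250, SE = 240, TTYPE = 24, TTYPE_IS = 0 };
#define TTYPE_MAX 40  /* policy cap chosen for this example */

/*
 * Parse "IAC SB TERMINAL-TYPE IS <name> IAC SE" from buf[0..len).
 * Copies the name into out (NUL-terminated) and returns its length.
 * Returns -1 on a malformed, truncated or oversized frame, so the
 * caller can drop the request while the service keeps running.
 */
int parse_ttype(const unsigned char *buf, size_t len, char *out, size_t outsz)
{
    size_t i, n = 0;

    if (outsz == 0 || len < 6)   /* shortest frame: 4-byte header + IAC SE */
        return -1;
    if (buf[0] != IAC || buf[1] != SB || buf[2] != TTYPE || buf[3] != TTYPE_IS)
        return -1;
    for (i = 4; i < len; i++) {
        if (buf[i] == IAC) {     /* only a complete IAC SE may end the name */
            if (i + 1 >= len || buf[i + 1] != SE)
                return -1;
            out[n] = '\0';
            return (int)n;
        }
        /* Reject non-printable bytes; bound by both cap and buffer size. */
        if (buf[i] < 0x21 || buf[i] > 0x7e || n >= TTYPE_MAX || n + 1 >= outsz)
            return -1;
        out[n++] = (char)buf[i];
    }
    return -1;                   /* input ended before IAC SE */
}

int main(void)
{
    /* Constructed sample frame: terminal type "VT100". */
    const unsigned char frame[] = {IAC, SB, TTYPE, TTYPE_IS,
                                   'V', 'T', '1', '0', '0', IAC, SE};
    char name[TTYPE_MAX + 1];
    int n = parse_ttype(frame, sizeof frame, name, sizeof name);
    printf("len=%d name=%s\n", n, n >= 0 ? name : "(rejected)");
    return n < 0;
}
```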