Tested on NTW 4.0 SP4 w/ InterAccess TelnetD 4.0 Build 8 for NT, evaluation version. No effect. I will note that Build 8 was released on February 25 (today). The online release notes, as well as the README.TXT in the TelnetD subdirectory, contain these lines: ------------- Release 4.0 Build 8 Start ---------------------------------- - FIX: Denial of Service vulnerability issue ------------- Release 4.0 Build 8 End ---------------------------------- No mention, however, is made of this problem on any other page I could find on their Web site: no advisories, recommendations, or whatever. Additionally, I could not find any mention of USSR Labs anywhere on their site for attribution. They do apparently allow licensed users of TelnetD 4.0 to download updated versions (but not versions 3.0 or earlier, as far as I can tell). Draw your own conclusions.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:37:27 PDT