[14046] in bugtraq
Re: Local / Remote D.o.S Attack in InterAccess TelnetD Server Rel
daemon@ATHENA.MIT.EDU (Licquia, Jeff)
Sun Feb 27 23:14:28 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-Id: <B354AE82055CD311854A00902779138F1002@sc-data.springfieldclinic.com>
Date: Fri, 25 Feb 2000 17:01:43 -0600
Reply-To: "Licquia, Jeff" <JLicquia@SPRINGFIELDCLINIC.COM>
From: "Licquia, Jeff" <JLicquia@SPRINGFIELDCLINIC.COM>
X-To: "bugtraq@securityfocus.com" <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM
Tested on NTW 4.0 SP4 w/ InterAccess TelnetD 4.0 Build 8 for NT, evaluation
version. No effect.
I will note that Build 8 was released on February 25 (today). The online
release notes, as well as the README.TXT in the TelnetD subdirectory,
contain these lines:
------------- Release 4.0 Build 8 Start ----------------------------------
- FIX: Denial of Service vulnerability issue
------------- Release 4.0 Build 8 End ----------------------------------
No mention, however, is made of this problem on any other page I could find
on their Web site: no advisories, recommendations, or whatever.
Additionally, I could not find any mention of USSR Labs anywhere on their
site for attribution. They do apparently allow licensed users of TelnetD
4.0 to download updated versions (but not versions 3.0 or earlier, as far as
I can tell).
Draw your own conclusions.
