[14053] in bugtraq


Re: Local / Remote D.o.S Attack in InterAccess TelnetD Server

daemon@ATHENA.MIT.EDU (Edith Myers)
Mon Feb 28 00:56:48 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id:  <3.0.6.32.20000225164137.00822790@mail.pragmasys.com>
Date:         Fri, 25 Feb 2000 16:41:37 -0600
Reply-To: Edith Myers <emyers@PRAGMASYS.COM>
From: Edith Myers <emyers@PRAGMASYS.COM>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <NCBBKFKDOLAGKIAPMILPEELFCCAA.labs@ussrback.com>

There is a FIX for InterAccess TelnetD Server 4.0 on the Pragma Systems Web
site, www.pragmasys.com/TelnetD

In the left frame select "Get the latest version of InterAccess TelnetD
Product" and download the latest version (if you are a current user) or
"Download InterAccess TelnetD Trial"

If you download this, then you should not encounter the problem.


At 06:37 PM 02/24/2000 -0300, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Local/Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0
>*ALL BUILDS* for Windows95/98/WinNT Vulnerability
>
>USSR Advisory Code:   USSR-2000034
>
>Release Date:
>February 24 2000
>
>Systems Affected:
>InterAccess TelnetD Server 4.0 for WinNT and other versions.
>InterAccess TelnetD Server 4.0 for Windows95/98 and other versions.
>InterAccess TelnetD Server 4.0 build 4 for WinNT
>InterAccess TelnetD Server 4.0 build 5 for WinNT
>InterAccess TelnetD Server 4.0 build 6 for WinNT
>InterAccess TelnetD Server 4.0 build 7 for WinNT (Release 4.0 Build Jan 5 2000)
>InterAccess TelnetD Server 4.0 for Windows95/98 Build 3
>InterAccess TelnetD Server 4.0 for Windows95/98 Build (Release 4.0 Build Jan 6 2000)
>
>
>THE PROBLEM
>
>UssrLabs found a Local / Remote DOS Attack. The code that handles the
>Terminal client configurations to the
>Telnet server in the connection procedure has an unchecked size that
>causes the TelnetD Service to crash.
>
>Binary or source for this D.O.S:
>http://www.ussrback.com/telnetd/dostelnetd.exe  (binary)
>http://www.ussrback.com/telnetd/dostelnetd.zip  (Source)
>
>Vendor Status:
>We showed the D.o.S problem to the vendor and the vendor thought we
>were pinging the machine, so
>that is like Vendor not contacted :)
>
>Vendor   Url: http://www.pragmasys.com/
>Program Url: http://www.pragmasys.com/TelnetD/
>Program Url: http://www.pragmasys.com/Telnet95/
>
>Credit: USSRLABS
>
>SOLUTION
>Contact Pragma Systems.
>
>
>NOTE:
>We tried to help the Pragma people by showing that their program is
>vulnerable to a D.o.S attack, and the only response from
>Pragma was "STOP PING SERVER", so we decided to release the advisory.
>
>
>Greetings:
>Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, HNN, Technotronic and
>Wiretrip.
>
>u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
>http://www.ussrback.com
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>
>
>iQA/AwUBOLWkh9ybEYfHhkiVEQLYSQCgiEwqVMHpZ1ei8by8nRRcE59JrvEAnAut
>10nFeo5iNnCUai5QG/uQ43Et
>=Smt3
>-----END PGP SIGNATURE-----
>
Director of Marketing & Operations      Tel:  512-219-7270
Pragma Systems, Inc.                        Fax: 512-219-7110
http://www.pragmasys.com
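
The quoted advisory attributes the crash to an unchecked size in the code that handles the client's terminal configuration during connection setup. As an added illustration (not code from Pragma Systems or USSR Labs), the sketch below shows a length-checked parser for a Telnet TERMINAL-TYPE subnegotiation (RFC 1091). That this is the option involved is an assumption, as are TERM_MAX, the function names and the constructed sample messages.

```c
#include <string.h>

enum { IAC = 255, SB = 250, SE = 240, TELOPT_TTYPE = 24, TTYPE_IS = 0 };
#define TERM_MAX 40   /* assumed server-side limit on a terminal name */

/* Parse "IAC SB TERMINAL-TYPE IS <name> IAC SE" from buf[0..len).
 * Copies <name> into out (outsz bytes, NUL terminated) and returns its
 * length, or -1 if the message is malformed, unterminated or too long. */
int parse_ttype(const unsigned char *buf, size_t len, char *out, size_t outsz)
{
    size_t i, n = 0;

    if (outsz == 0 || len < 6)
        return -1;
    if (buf[0] != IAC || buf[1] != SB ||
        buf[2] != TELOPT_TTYPE || buf[3] != TTYPE_IS)
        return -1;
    for (i = 4; i + 1 < len; i++) {
        if (buf[i] == IAC) {                 /* only IAC SE may end the name */
            if (buf[i + 1] != SE || n == 0)
                return -1;
            out[n] = '\0';
            return (int)n;
        }
        if (buf[i] < 0x21 || buf[i] > 0x7e)  /* printable ASCII only */
            return -1;
        if (n >= TERM_MAX || n + 1 >= outsz) /* size check: reject, never overrun */
            return -1;
        out[n++] = (char)buf[i];
    }
    return -1;                               /* input ended before IAC SE */
}

/* Constructed sample: a well-formed announcement of "VT100". */
int demo_valid(void)
{
    const unsigned char msg[] = { IAC, SB, TELOPT_TTYPE, TTYPE_IS,
                                  'V', 'T', '1', '0', '0', IAC, SE };
    char term[TERM_MAX + 1];
    int n = parse_ttype(msg, sizeof msg, term, sizeof term);
    return (n == 5 && strcmp(term, "VT100") == 0) ? n : -1;
}

/* Constructed sample: the same header followed by a 4096-byte name. */
int demo_oversized(void)
{
    static unsigned char msg[4 + 4096 + 2] = { IAC, SB, TELOPT_TTYPE, TTYPE_IS };
    char term[TERM_MAX + 1];
    memset(msg + 4, 'A', 4096);
    msg[4 + 4096] = IAC; msg[4 + 4096 + 1] = SE;
    return parse_ttype(msg, sizeof msg, term, sizeof term);
}
```

A server using this pattern drops or refuses the oversized negotiation instead of copying it, so the session fails without taking the service down.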


