Re: Telnetd AYT overflow scanner

From: Martin Elster (melster@chello.no)
Date: 07/25/01


Message-ID: <004701c11543$9e2bd770$1000a8c0@kogkopw00545>
From: "Martin Elster" <melster@chello.no>
To: "info" <info@secpoint.com>, <bugtraq@securityfocus.com>
Subject: Re: Telnetd AYT overflow scanner
Date: Wed, 25 Jul 2001 21:54:30 +0200

I tried this scanner on my Win2K SP2 box, and it crashed the native telnet
server (not the Telnet server provided with Services for Unix).

After a quick check it seems that this is unrelated to the recently
published Microsoft Security Bulletin MS01-039
(http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security
/bulletin/MS01-039.asp).

Cut from the bulletin:
------------------
Does this vulnerability affect the Telnet server that ships in Windows NT
4.0 or Windows 2000?

No. Both Windows NT 4.0 and Windows 2000 ship with a native Telnet server,
which is completely different from the one included in SFU 2.0. Neither are
affected by this vulnerability.

---------------------

So it seems that there is a new DOS here, unless I'm badly mistaken. I don't
know whether it is possible to exploit this to get any privileges on the
system.

BTW, I also tried this overflow scanner on a Mandrake 8.0 Linux box, running
telnet-server-0.17-7mdk, and the scanner reported this as vulnerable too.
Running the original exploit from scut didn't work though, but I've only
given it a quick test.

Anyone else have any info on this bug being exploitable on linux systems?

Cheers,

Martin

----- Original Message -----
From: "info" <info@secpoint.com>
To: <bugtraq@securityfocus.com>
Sent: Wednesday, July 25, 2001 8:50 PM
Subject: Telnetd AYT overflow scanner

>