Re: Telnetd AYT overflow scanner

From: Martin Elster (
Date: 07/25/01

Message-ID: <004701c11543$9e2bd770$1000a8c0@kogkopw00545>
From: "Martin Elster" <>
To: "info" <>, <>
Subject: Re: Telnetd AYT overflow scanner
Date: Wed, 25 Jul 2001 21:54:30 +0200

I tried this scanner on my Win2K SP2 box, and it crashed the native telnet
server (not the Telnet server provided with Services for Unix).

After a quick check it seems that this is unrelated to the recently
published Microsoft Security Bulletin MS01-039

Cut from the bulletin:
Does this vulnerability affect the Telnet server that ships in Windows NT
4.0 or Windows 2000?

No. Both Windows NT 4.0 and Windows 2000 ship with a native Telnet server,
which is completely different from the one included in SFU 2.0. Neither are
affected by this vulnerability.


So it seems that there is a new DOS here, unless I'm badly mistaken. I don't
know whether it is possible to exploit this to get any privileges on the

BTW, I also tried this overflow scanner on a Mandrake 8.0 Linux box, running
telnet-server-0.17-7mdk, and the scanner reported this as vulnerable too.
Running the original exploit from scut didn't work though, but I've only
given it a quick test.

Anyone else have any info on this bug being exploitable on linux systems?



----- Original Message -----
From: "info" <>
To: <>
Sent: Wednesday, July 25, 2001 8:50 PM
Subject: Telnetd AYT overflow scanner