Re: Telnetd AYT overflow scanner

From: Martin Elster (melster@chello.no)
Date: 07/25/01


Message-ID: <004701c11543$9e2bd770$1000a8c0@kogkopw00545>
From: "Martin Elster" <melster@chello.no>
To: "info" <info@secpoint.com>, <bugtraq@securityfocus.com>
Subject: Re: Telnetd AYT overflow scanner
Date: Wed, 25 Jul 2001 21:54:30 +0200

I tried this scanner on my Win2K SP2 box, and it crashed the native telnet
server (not the Telnet server provided with Services for Unix).

After a quick check it seems that this is unrelated to the recently
published Microsoft Security Bulletin MS01-039
(http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/bulletin/MS01-039.asp).

Cut from the bulletin:
------------------
Does this vulnerability affect the Telnet server that ships in Windows NT
4.0 or Windows 2000?

No. Both Windows NT 4.0 and Windows 2000 ship with a native Telnet server,
which is completely different from the one included in SFU 2.0. Neither are
affected by this vulnerability.

---------------------

So it seems that there is a new DoS here, unless I'm badly mistaken. I don't
know whether it is possible to exploit this to get any privileges on the
system.

BTW, I also tried this overflow scanner on a Mandrake 8.0 Linux box, running
telnet-server-0.17-7mdk, and the scanner reported this as vulnerable too.
Running the original exploit from scut didn't work though, but I've only
given it a quick test.

Anyone else have any info on this bug being exploitable on Linux systems?

Cheers,

Martin

----- Original Message -----
From: "info" <info@secpoint.com>
To: <bugtraq@securityfocus.com>
Sent: Wednesday, July 25, 2001 8:50 PM
Subject: Telnetd AYT overflow scanner

>


