SCO - Telnetd AYT overflow ?

From: KF (dotslash@snosoft.com)
Date: 07/25/01


Message-ID: <3B5E78EE.339FC4F1@snosoft.com>
Date: Wed, 25 Jul 2001 03:44:46 -0400
From: KF <dotslash@snosoft.com>
To: bugtraq@securityfocus.com, tigger@caldera.com
Subject: SCO - Telnetd AYT overflow ? 

Based on the results from the Telnet AYT scanner provided by
info@secpoint.com, SCO OpenServer may be vulnerable. Tested versions
5.0.5 and 5.0.6.

Can Caldera or perhaps someone else verify this?

[elguapo@linux elguapo]$ ./tel 10.102.31.26
Telnetd AYT overflow scanner, by Security Point(R)
Host: 10.102.31.26
Connected to remote host...
Sending telnet options... stand by...
Telnetd on 10.102.31.26 vulnerable

[elguapo@linux elguapo]$ telnet 10.102.31.26
Trying 10.102.31.26...
Connected to 10.102.31.26.
Escape character is '^]'.
 
SCO OpenServer(TM) Release 5 (unixdev.ckfr.com) (ttyp7)
Welcome to UnixDev
 
login:
telnet> quit
Connection closed.

-KF