From technotronic1@home.com Mon Feb 21 13:24:46 2000 From: vacuum To: news@technotronic.com Date: Sun, 20 Feb 2000 19:56:33 -0600 Subject: Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT -----Original Message----- From: "Ussr Labs" To: "TECHNOTRONIC" Subject: Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT Date: Mon, 21 Feb 2000 01:39:48 -0300 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT USSR Advisory Code: USSR-2000033 Release Date: February 22, 2000 Systems Affected: InterAccess TelnetD Server 4.0 for Windows NT and possibly others versions. THE PROBLEM UssrLabs found a Local / Remote Buffer overflow, The code that handles the login commands in the telnet session has an unchecked buffer that will allow arbitrary code to be executed if it is overflowed. Example: [hellme@die-communitech.net$ telnet example.com Trying example.com... Connected to example.com. Escape character is '^]'. InterAccess TelnetD Server (30 Day Trial Version) Release 4.0 Copyright (C) 1994-1999 by Pragma Systems, Inc. All rights reserved. This copy will expire on Tue Mar 21 21:55:14 2000 login name: (buffer) Where [buffer] is aprox. 300 characters. Binary or source for this Exploit: http://www.ussrback.com/ Exploit: the Exploit, lags the machine until 100% cpu time Vendor Status: i email the vendor 4 times, and i dont have any responce :( Vendor Url: http://www.pragmasys.com/ Program Url: http://www.pragmasys.com/TelnetD/ Credit: USSRLABS SOLUTION Noting yet. Greetings: Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, HNN, Technotronic and Wiretrip. u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h http://www.ussrback.com -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use iQA/AwUBOLDBbtybEYfHhkiVEQKuVgCfSGOwy/ZTOMbEeaGjo4aVFrTHVosAoJ5Y eRKOsjJ8U/a0WyZVALd6Y/Tq =QUCp -----END PGP SIGNATURE-----