Local / Remote Exploitable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT

   

TelnetD: InterAccess TelnetD Server 4.0 for Windows NT
Binary Exploit: ex_telnd.exe
Source of Binary Exploit: ex_telnd.zip


USSR Advisory Code:   USSR-2000033


Release Date:
February 22, 2000

Systems Affected:
InterAccess TelnetD Server 4.0 for Windows NT and possibly other versions.

THE PROBLEM

UssrLabs found a local / remote buffer overflow. The code that handles the login commands in the telnet
session has an unchecked buffer that will allow arbitrary code to be executed if it is overflowed.


Example:
[hellme@die-communitech.net$ telnet example.com
Trying example.com...
Connected to example.com.
Escape character is '^]'.
InterAccess TelnetD Server (30 Day Trial Version)
Release 4.0   Build May  4 1998
Copyright (C) 1994-1998 by Pragma Systems, Inc.
All rights reserved.

This copy will expire on Tue Mar 21 20:01:50 2000

login name:  (buffer)

Where (buffer) is approx. 300 characters.

Exploit: The exploit lags the machine until CPU time reaches 100%.
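
The fix for an unchecked login buffer of this kind is a length-checked read. The following is an added example, not code from this advisory or from Pragma Systems: read_login_name, LOGIN_MAX and the status codes are hypothetical names, and the 64-byte limit is an assumption because the advisory does not state the server's real buffer size.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LOGIN_MAX 64 /* assumed limit, including the terminating NUL */

enum { LOGIN_OK = 0, LOGIN_TOO_LONG = -1, LOGIN_INCOMPLETE = -2, LOGIN_BAD_CHAR = -3 };

/* Copy one CR/LF-terminated login name from raw session bytes into dst.
 * Never writes past dst[cap - 1]. An overlong name is rejected outright
 * instead of being truncated, so a 300-character name cannot reach memory
 * beyond the buffer or log in as a shortened account name.
 * Assumes telnet option negotiation bytes were stripped before this call. */
int read_login_name(const unsigned char *in, size_t in_len, char *dst, size_t cap)
{
    size_t n = 0;

    if (dst == NULL || cap == 0)
        return LOGIN_TOO_LONG;
    dst[0] = '\0';

    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = in[i];
        if (c == '\r' || c == '\n') {      /* end of the login line */
            dst[n] = '\0';
            return LOGIN_OK;
        }
        if (c < 0x20 || c > 0x7e) {        /* printable ASCII only */
            dst[0] = '\0';
            return LOGIN_BAD_CHAR;
        }
        if (n + 1 >= cap) {                /* no room for c plus the NUL */
            dst[0] = '\0';
            return LOGIN_TOO_LONG;
        }
        dst[n++] = (char)c;
    }
    dst[0] = '\0';
    return LOGIN_INCOMPLETE;               /* no line terminator seen yet */
}

int main(void)
{
    unsigned char big[302];                /* constructed input: 300 'A' + CRLF */
    char name[LOGIN_MAX];

    memset(big, 'A', 300);
    big[300] = '\r';
    big[301] = '\n';
    printf("300-char name -> %d\n", read_login_name(big, sizeof big, name, sizeof name));
    printf("\"admin\"       -> %d\n", read_login_name((const unsigned char *)"admin\r\n", 7, name, sizeof name));
    return 0;
}
```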

Vendor Status:
Now Contacted

Vendor Url: http://www.pragmasys.com/
Program Url: http://www.pragmasys.com/TelnetD/

Credit: USSRLABS

SOLUTION
Nothing yet.

Greetings:
Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, HNN, Technotronic and Wiretrip.