Local/Remote D.o.S Attack in InterAccess Telnet Server Release 4.0 *ALL BUILDS* for Windows95/98/WinNT Vulnerability

   

TelnetD

InterAccess Telnet Server Release 4.0 *ALL BUILDS* for Windows95/98/WinNT

Binary DOS

dostelnetd.exe

Source of Binary DOS

dostelnetd.zip


USSR Advisory Code:   USSR-2000034


USSR Advisory Code:   USSR-2000034

Release Date:
February 24 2000

Systems Affected:
InterAccess TelnetD Server 4.0 for WinNT and others versions.
InterAccess TelnetD Server 4.0 for Windows95/98 and others versions.
InterAccess TelnetD Server 4.0 build 4 for WiNT
InterAccess TelnetD Server 4.0 build 5 for WiNT
InterAccess TelnetD Server 4.0 build 6 for WiNT
InterAccess TelnetD Server 4.0 build 7 for WiNT (Release 4.0   Build Jan  5 2000)

InterAccess TelnetD Server 4.0 for Windows95/98 Build 3
InterAccess TelnetD Server 4.0 for Windows95/98 Build (Release 4.0   Build Jan  6 2000)


THE PROBLEM

UssrLabs found a Local / Remote DOS Attack, The code that handles the Terminal client configurations to the 
Telnet server in the connection procedure, has an unchecked size that cause the TelnetD Service Crash.

Binary or source for this D.O.S: 
http://www.ussrback.com/telnetd/dostelnetd.exe  (binary)
http://www.ussrback.com/telnetd/dostelnetd.zip  (Source)

Vendor Status:
We show to the vendor the d.o.s Problem and the vendor think we pinging to the machine, so, 
that is like Vendor not contacted :)

Vendor   Url: http://www.pragmasys.com/
Program Url: http://www.pragmasys.com/TelnetD/
Program Url: http://www.pragmasys.com/Telnet95/

Credit: USSRLABS

SOLUTION
Update to Build 8 Released.


NOTE:
We try help pragma people to show their program is vulnerable to D.o.S attack, and the only responce of 
pragma was "STOP PING SERVER", so we decide release the advisory.

Greetings:
Eeye, Attrition, w00w00, beavuh, Rhino9, ADM, HNN, Technotronic and Wiretrip.