Bugtraq mailing list archives

Re: Telnetd AYT overflow scanner

From: "Martin Elster" <melster () chello no>
Date: Wed, 25 Jul 2001 21:54:30 +0200

I tried this scanner on my Win2K SP2 box, and it crashed the native telnet
server (not the Telnet server provided with Services for Unix).

After a quick check it seems that this is unrelated to the recently
published Microsoft Security Bulletin MS01-039
(http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security
/bulletin/MS01-039.asp).

Cut from the bulletin:
------------------
Does this vulnerability affect the Telnet server that ships in Windows NT
4.0 or Windows 2000?

No. Both Windows NT 4.0 and Windows 2000 ship with a native Telnet server,
which is completely different from the one included in SFU 2.0. Neither are
affected by this vulnerability.

---------------------

So it seems that there is a new DOS here, unless I'm badly mistaken. I don't
know whether it is possible to exploit this to get any privileges on the
system.

BTW, I also tried this overflow scanner on a Mandrake 8.0 Linux box, running
telnet-server-0.17-7mdk, and the scanner reported this as vulnerable too.
Running the original exploit from scut didn't work though, but I've only
given it a quick test.

Anyone else have any info on this bug being exploitable on linux systems?

Cheers,

Martin



----- Original Message -----
From: "info" <info () secpoint com>
To: <bugtraq () securityfocus com>
Sent: Wednesday, July 25, 2001 8:50 PM
Subject: Telnetd AYT overflow scanner

Current thread:

Telnetd AYT overflow scanner info (Jul 25)
- Re: Telnetd AYT overflow scanner Martin Elster (Jul 25)
- Re: Telnetd AYT overflow scanner Riley Hassell (Jul 25)
- <Possible follow-ups>
- Re: Telnetd AYT overflow scanner der Mouse (Jul 25)
  - Re: Telnetd AYT overflow scanner David Maxwell (Jul 26)
- Re: Telnetd AYT overflow scanner aleph1 (Jul 26)
  - Re: Telnetd AYT overflow scanner John Marquart (Jul 26)