Bugtraq mailing list archives
Re: Win2k Telnet.exe malicious server vulnerability
From: Blue Boar <BlueBoar () THIEVCO COM>
Date: Thu, 14 Sep 2000 22:17:16 -0700
Regarding various dates that people were notified, advisories released, patches made, etc.. Umm... I suppose It's possible that I'm smarter (and better lookin to boot!) that all the other parties involved here.... but didn't Dildog and Sir Dystic pretty much announce the same vulnerability during the cDc talk at Defcon this year? Just before the gorilla came on stage, and they started flinging meat at everyone. So, didn't a couple thousand of us pick up on what was being said about this at that time? I point this out only because it leads some credence to the idea that lots of folks knew about this, and perhaps some amount of pressure on MS to hurry was appropriate. When Dildog mentioned being able to trick an MS box into connecting to you, and when it came time to issue a challenge, connecting to the same victim, and using the challenge it gave back against itself.. And then he immediately mentions that the telnet client in W2K tries MS-CHAP by default... well *I* knew exactly what he was getting at... was I alone? BB
Current thread:
- Win2k Telnet.exe malicious server vulnerability monti (Sep 13)
- Re: Win2k Telnet.exe malicious server vulnerability Jim Paris (Sep 14)
- Re: Win2k Telnet.exe malicious server vulnerability Micah Webner (Sep 14)
- <Possible follow-ups>
- Re: Win2k Telnet.exe malicious server vulnerability Microsoft Security Response Center (Sep 14)
- Re: Win2k Telnet.exe malicious server vulnerability monti (Sep 14)
- Re: Win2k Telnet.exe malicious server vulnerability Microsoft Security Response Center (Sep 14)
- Re: Win2k Telnet.exe malicious server vulnerability Tim Hollebeek (Sep 14)
- Re: Win2k Telnet.exe malicious server vulnerability Blue Boar (Sep 15)
- Re: Win2k Telnet.exe malicious server vulnerability Рягин Михаил Юрьевич (Sep 15)
- Re: Win2k Telnet.exe malicious server vulnerability Bronek Kozicki (Sep 17)
- Re: Win2k Telnet.exe malicious server vulnerability J Edgar Hoover (Sep 18)
- Re: Win2k Telnet.exe malicious server vulnerability Bronek Kozicki (Sep 17)