Full Disclosure mailing list archives
RE: Microsoft Windows and *nix Telnet Port NumberArgument Obfuscation
From: Stephen Blass <Stephen.Blass () asu edu>
Date: Wed, 08 Jun 2005 11:39:32 -0700
It is a buffer overflow of sorts when a fixed length integer (or real or double) like the telnet port argument exceeds the expected range and mods out to become equal to the remainder that is left when the highest order bits that don't fit get thrown away. In the telnet port case it may not be a real 'vulnerability' but it is a reasonably good example of unchecked arguments allowing for unexpected behavior.

In the telnet port case the overly large port number has already been crammed into the available bits by the time the code could check it anyway. So how would one teach telnet to throw away bogus port arguments that are too big then? What about with dotted quads whose parts exceed 255? You might use string arguments but then you have to watch for string overflows which have plagued us for years and occasionally still do.

That you can connect to a mail host on port 25 by typing telnet mailhost 65561 is either interesting or unsettling depending on your point of view. In either case it is probably worth understanding if you're the security guru on site or you write network code.

- Steve

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Richard John L Contractor 611 ACF/SCO
Sent: Wednesday, June 08, 2005 9:20 AM
To: 'Full Disclosure'
Subject: RE: [Full-disclosure] Microsoft Windows and *nix Telnet Port NumberArgument Obfuscation

I agree with the individual below...some of us are still new to this vulnerability thing (I for one) and appreciate lurking here and taking it all in...as a matter of fact, I'd love to have the original poster, re-post...I was talking to a few others who had no idea about this and they'd love to see the article (which I'd deleted - for some reason???)

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Arjan van der Velde
Sent: Wednesday, June 08, 2005 00:05
To: 'Andrew Haninger'; nick () virus-l demon co uk
Cc: 'Full Disclosure'
Subject: RE: [Full-disclosure] Microsoft Windows and *nix Telnet Port NumberArgument Obfuscation

Hi,

I like reading posts in here to learn from. It would be good not to be too hostile against people asking questions you already know the answer for or even have known it for ages already. If I were to ask a question I would like to be educated or at least pointed in the right direction. Some replies really discourage people from asking.

- Arjan

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Andrew Haninger
Sent: Wednesday, June 08, 2005 9:08
To: nick () virus-l demon co uk
Cc: Full Disclosure
Subject: Re: [Full-disclosure] Microsoft Windows and *nix Telnet Port NumberArgument Obfuscation

On 6/7/05, Nick FitzGerald <nick () virus-l demon co uk> wrote:
This has been known since Adam was a cowboy.
Well, this /is/ full-disclosure, no? Best to tell than to withhold.

And while I would hope that there aren't a rash of old-school vulnerabilities blowing through the list, I, for one, was unaware that you could specify telnet ports like that. I wouldn't be surprised if I'm not alone. Now I'll know what's up if I ever see stuff like this.

Though it does worry me a bit that this came from a @cisco.com address. Shouldn't they be kind of *YAWN* about all things networking?

-- Andy

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
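The question raised in the message above, how a client could throw away port arguments that are too big, worked through as an added example (not code from the thread or from any telnet implementation). The function names `parse_port_truncating` and `parse_port_strict` and the sample arguments are constructed for illustration; the first narrows to 16 bits the way the thread describes, the second range-checks the value in a wider type before narrowing.

```c
/* Added example: hypothetical helpers, constructed sample inputs. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Lenient parse: convert, then store in 16 bits. The high-order bits are
 * silently discarded, so "65561" (65536 + 25) becomes port 25. */
static uint16_t parse_port_truncating(const char *arg)
{
    return (uint16_t)strtoul(arg, NULL, 10);
}

/* Strict parse: check the wide value BEFORE narrowing it.
 * Returns 0 and writes *port on success, -1 on any bogus argument. */
static int parse_port_strict(const char *arg, uint16_t *port)
{
    char *end;
    unsigned long v;

    if (arg[0] < '0' || arg[0] > '9')     /* rejects "", "-1", "+25", " 25" */
        return -1;
    errno = 0;
    v = strtoul(arg, &end, 10);
    if (errno == ERANGE || *end != '\0')  /* too big for a long, or trailing junk */
        return -1;
    if (v < 1 || v > 65535)               /* outside the 16-bit port range */
        return -1;
    *port = (uint16_t)v;
    return 0;
}

int main(void)
{
    const char *samples[] = { "25", "65561", "65535", "65536", "25x",
                              "-65511", "99999999999999999999999" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint16_t p = 0;
        int rc = parse_port_strict(samples[i], &p);
        printf("%-24s truncating=%5u strict=%s\n", samples[i],
               (unsigned)parse_port_truncating(samples[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The same pattern applies to dotted-quad octats only in spirit: parse each part into a wider integer, reject anything above 255, and only then pack it.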
Current thread:
- RE: Microsoft Windows and *nix Telnet Port NumberArgument Obfuscation Stephen Blass (Jun 08)
- Re: Microsoft Windows and *nix Telnet Port NumberArgument Obfuscation Atte Peltomaki (Jun 09)
- Re: Microsoft Windows and *nix Telnet Port Number Argument Obfuscation Nick FitzGerald (Jun 09)
- Re: Microsoft Windows and *nix Telnet Port NumberArgument Obfuscation Atte Peltomaki (Jun 09)