Vulnerability Development mailing list archives
Re: Windows2000 telnet exploit
From: Marty <marty () NETWAYNETWORKS COM AU>
Date: Sat, 25 Nov 2000 08:31:24 +1000
(non-MS) software which uses Windows 2000 authentication. I do not think this is a buffer overflow, the error message suggests that Windows 2000 is searching for some file: I cannot see any reason behind this.
The filename or extension is too long.
Seems more likely that M$ are actually checking the length of the input, probably using a shared handler routine returning a generic user error message. I bet the bounds checking was added as an afterthought ;) (service pack 1 maybe?) ;) This probably explains why the gold code for 2K was 25 million lines, yet is now quoted to be 30 million ;) Ah Micro$oft, where do we want you to go today? ;) Cheers, Marty
Current thread:
- Windows2000 telnet exploit Philip Wagenaar (Nov 23)
- <Possible follow-ups>
- Re: Windows2000 telnet exploit Sandro Gauci (Nov 24)
- Re: Windows2000 telnet exploit Olle Segerdahl (Nov 25)
- Re: Windows2000 telnet exploit Marty (Nov 27)
- Re: Windows2000 telnet exploit Robert G. Ferrell (Nov 28)
- Re: Windows2000 telnet exploit David Rhodus (Nov 29)