Bugtraq mailing list archives

Remote DoS Attack in BFTelnet Server v1.1 for Windows NT

From: labs () USSRBACK COM (Ussr Labs)
Date: Thu, 4 Nov 1999 05:10:32 -0300


Remote DoS Attack in BFTelnet Server v1.1 for Windows NT

PROBLEM

UssrLabs found a Remote DoS Attack in BFTelnet Server v1.1 for Windows NT,
the buffer overflow is caused by a long user name 3090 characters.
If BFTelnet Server is running as a service the service will exit and no
messages
are displayed on the screen.

There is not much to expand on.... just a simple hole

Example:

palometa@hellme]$ telnet example.com
        Trying example.com...
        Connected to example.com.
        Escape character is '^]'.
        Byte Fusion Telnet, Copyright 1999 Byte Fusion Corporation
        Unregistered Evaluation. See www.bytefusion.com/telnet.html
        (Machine name) Login: [buffer]

Where [buffer] is aprox. 3090 characters. At his point the telnet server
close.

Vendor Status:
Contacted

Vendor   Url: www.bytefusion.com
Program Url: www.bytefusion.com/telnet.html

Credit: USSRLABS

SOLUTION

    Nothing yet.

Current thread:

Remote DoS Attack in BFTelnet Server v1.1 for Windows NT Ussr Labs (Nov 04)