Bugtraq mailing list archives

Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD (fwd)


From: ah () SECURITYFOCUS COM (Alfred Huger)
Date: Wed, 23 Feb 2000 09:00:52 -0800


---------- Forwarded message ----------
Date: Wed, 23 Feb 2000 10:59:20 -0600
From: Edith Myers <emyers () pragmasys com>
To: vuldb () securityfocus com
Subject: Local / Remote Exploiteable Buffer Overflow Vulnerability in
    InterAccess TelnetD

Hello --

We have been in current contact with USSR Labs. I have also contacted
NTSecurity.net regarding this issue.

USSR Labs stated that they had contacted us and we had not contacted them
back regarding this issue. In actuality, we had not received any contact
from them prior to the release of the information regarding the Telnet
Server issue. After we received information from NTSecurity.net stating
that they had published this error on their web page, we contacted USSR
Labs and they stated that they had tried to contact us from our Tech
support web page but kept getting ODBC errors -- therefore, no contact had
been received from them and we could not tell them that this is a BUILD 4
issue and we are currently on BUILD 7 (we have not sold build 4 or had it
on our web site for download in over a year).

We have come to find out that it may be a WinSock issue with older service
packs which can be resolved by updating the service pack/WinSock or by
downloading the latest version of InterAccess TelnetD Server for Windows NT
4.0 (build7).

I informed USSR Labs that they could have directly emailed Pragma (since
our email address is listed) or called us regarding this issue. They had
presented the information as if we were ignoring their attempts to contact
us, whereas in actuality we were not being contacted because the ODBC
error was preventing any contact from getting to Pragma. So I had suggested
that they should have found an alternative method for contacting us.
(NOTE: we have hence fixed the ODBC error that had been occurring on our Tech
Support page and now have a direct MailTo link).

(That's what's been going on over the past day -- just to update you to
this point)

Please let your readers know that this is a BUILD 4 issue (which was
released June 1998) and we are now on BUILD 7. The problem can be fixed by
updating the service pack/WinSock or by updating to BUILD 7.

(FYI-- we emailed USSR Labs our latest build of the product and one of our
IP addresses to help them. After giving them this, they are now excessively
pinging this computer. They have emailed me asking me if I have found
anything interesting on this computer. I found that to be slightly malicious).

Please let me know if this information helps your readers.

Regards,
Edith H. Myers

Director of Marketing & Operations      Tel:  512-219-7270
Pragma Systems, Inc.                        Fax: 512-219-7110
http://www.pragmasys.com

    ^     ^
   ^ ^   ^ ^
     O  O
=== _|_ ===

