Vulnerability Development mailing list archives

Re: Windows2000 telnet exploit


From: Marty <marty () NETWAYNETWORKS COM AU>
Date: Sat, 25 Nov 2000 08:31:24 +1000

(non-MS) software which uses Windows 2000 authentication. I do not think
this is a buffer overflow, the error message suggests that Windows 2000 is
searching for some file: I cannot see any reason behind this.

The filename or extension is too long.

Seems more likely that M$ are actually checking the length of the input,
probably using a shared handler routine returning a generic user error
message.

I bet the bounds checking was added as an afterthought ;) (service pack 1
maybe?) ;) This probably explains why the gold code for 2K was 25 million
lines, yet is now quoted to be 30 million ;)

Ah Micro$oft, where do we want you to go today? ;)

Cheers,
Marty

