Re: win2k console bug

[Marius Huse Jacobsen <mahuja () C2I NET>]

I think the bug is located in what is the windows version of the  x windows
system  "terminal emulator"

It will happen if that stream is read from a file (type x) too.

----- Original Message -----
From: "Philip Stoev" <philip () STOEV ORG>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Wednesday, February 21, 2001 8:13 PM
Subject: win2k console bug


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I have found the following interesting behavoir:
>
> The netcat tool when used as a telnet-like application sends all info
> it receives over the network to the console. The win2k console has
> the tendency to interpret this output, including the "bell"
> character. The interesting part is that when many "bell" characters
> are received, the console locks up, taking all other consoles open on
> that machine with it. They can not be closed with the TaskManager --
> the only way to stop the debilitating noise is to shut down (or
> logout?).
>
> So, if somebody uses netcat to connect to a malicious site, and the
> site stats sending garbage to him, the scenario described above will
> happen. Telnet.exe is not vulnerable to this, since it filters out
> the offending characters. However, if you do a type on a good binary
> stream (many bells and no EOFs), the same thing will happen, which is
> to say that the problem is in cmd.exe.
>
> Philip
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBOpQTNFi4DH/L1CReEQKaSgCgzQFA/ipJMBmLqm9S0PROc1TKNz4An1P5
> TXPE4gaMzZul4Ihh/W5q5YPK
> =LnqA
> -----END PGP SIGNATURE-----