Reported January 5, 2004 by Donato Ferrante.

 

 

VERSIONS AFFECTED

 

  • GoodTech Systems Telnet Server 4.0.103

 

DESCRIPTION

 

GoodTech Systems Telnet Server 4.0.103 contains a Denial of Service (DoS) vulnerability. By sending an overly long string as input to the vulnerable server, an attacker can cause the server to stop responding.

 
DEMONSTRATION
 
The discoverer posted the following demonstration as proof of concept:

 

To test the vulnerability, simply send a long string to the Telnet server:

    perl -e 'print "a"x8245' | nc server 23

Alternatively, a string like:

    aaaa[..a..]aa (8245 of a)

 

VENDOR RESPONSE

 

GoodTech Systems has released version 4.0.104, which isn't vulnerable to this condition.
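
To check captured Telnet traffic for the oversized input described under DEMONSTRATION, the following added example (not part of the original advisory or the vendor's code) strips Telnet IAC negotiation from a client-to-server byte stream and measures the longest run of data without a line terminator. The function names, the 1024-byte MAX_LINE threshold and the sample streams are assumptions constructed for illustration.

```python
# Added example: flag Telnet client input containing an oversized unterminated line.
IAC, SB, SE = 255, 250, 240
WILL, WONT, DO, DONT = 251, 252, 253, 254

# Assumption: 1024 bytes is far above a legitimate Telnet input line and well
# below the 8245-byte string in the advisory; tune per environment.
MAX_LINE = 1024

def strip_telnet_commands(stream: bytes) -> bytes:
    """Remove IAC command sequences (RFC 854) so only user data remains."""
    out = bytearray()
    i, n = 0, len(stream)
    while i < n:
        b = stream[i]
        if b != IAC:
            out.append(b)
            i += 1
            continue
        if i + 1 >= n:            # truncated IAC at end of capture
            break
        cmd = stream[i + 1]
        if cmd == IAC:            # escaped 0xFF data byte
            out.append(IAC)
            i += 2
        elif cmd in (WILL, WONT, DO, DONT):
            i += 3                # IAC <verb> <option>
        elif cmd == SB:           # subnegotiation runs until IAC SE
            end = stream.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break
            i = end + 2
        else:
            i += 2                # two-byte command such as IAC NOP
    return bytes(out)

def longest_line(stream: bytes) -> int:
    """Length of the longest run of user data without CR or LF."""
    data = strip_telnet_commands(stream).replace(b"\r", b"\n")
    return max(len(part) for part in data.split(b"\n"))

def is_oversized(stream: bytes, limit: int = MAX_LINE) -> bool:
    return longest_line(stream) > limit

# Constructed sample streams (client-to-server bytes on port 23).
NORMAL = (bytes([IAC, WILL, 24, IAC, SB, 24, 0]) + b"vt100"
          + bytes([IAC, SE]) + b"admin\r\nls -l\r\n")
OVERSIZED = bytes([IAC, DO, 1]) + b"a" * 8245
```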

 

CREDIT

 

Discovered by Donato Ferrante.