TelnetD Subject to Buffer Overflow and DoS

Reported February 25, 2000 by USSRLabs

VERSIONS AFFECTED

InterAccess TelnetD Server Release 4, all builds

DESCRIPTION

USSRLabs found a bug in the code that handles the client connection procedure. This code uses an unchecked buffer, and overflowing it can cause the TelnetD service to crash, resulting in a denial of service.

DEMONSTRATION

http://www.ussrback.com/telnetd/dostelnetd.exe (binary)
http://www.ussrback.com/telnetd/dostelnetd.zip (source)

VENDOR RESPONSE

Pragma Systems reported that they have issued a patch for TelnetD that corrects this matter.

CREDITS

Discovered by USSRLabs