BFTelnet Server ver 1.1 vulnerable to remote DoS
----------------------------------------------------------------------------
----
SUMMARY
A remote DoS Attack in <http://www.bytefusion.com/> ByteFusion's BFTelnet
Server v1.1 for Windows NT has been discovered. The buffer overflow is
caused by passing a long user name in the authentication session (3090
characters). If BFTelnet Server is running as a service the service will
exit and no messages will be displayed on the screen.
DETAILS
Example:
$ telnet example.com
Trying example.com...
Connected to example.com.
Escape character is '^]'.
Byte Fusion Telnet, Copyright 1999 Byte Fusion Corporation
Unregistered Evaluation. See <www.bytefusion.com/telnet.html>
www.bytefusion.com/telnet.html
(Machine name) Login: [buffer]
Where the buffer is approximately 3090 characters. At his point the telnet
server crashes.
ADDITIONAL INFORMATION
This vulnerability has been discovered by: <mailto:[EMAIL PROTECTED]>
Ussr Labs.
========================================
-------
AFLHI 058009990407128029/089802---(102598//991024)
milis ini didukung oleh :
>> http://www.indolinux.com - dunia linux indonesia
-------------------------------------------------------------------
untuk berhenti kirim email ke [EMAIL PROTECTED]
untuk melihat peraturan kirim email ke [EMAIL PROTECTED]
arsip berada di http://www.mail-archive.com/[email protected]
