Unchecked Buffer in Telnet Server Could Lead to Arbitrary

The Telnet protocol provides remote shell capabilities. Microsoft has implemented the Telnet protocol by providing a Telnet Server in several products. The implementations in two of these products - - - Windows 2000 and Interix 2.2 - contain unchecked buffers in the code that handles the processing of telnet protocol options.

An attacker could use this vulnerability to perform a buffer overflow attack. A successful attack could cause the Telnet Server to fail, or in some cases, could possibly allow an attacker to execute code of her choice on the system. Such code would execute using the security context of the Telnet service, but this context varies from product to product. In Windows 2000, the Telnet service always runs as System; in the Interix implementation, the administrator selects the security context in which to run as part

of the installation process.

Download: Patch (Interix 2.2 required)

Download: Interix 2.2

View: Microsoft TechNet - Security Bulletin MS02-004

In addition, the fix for this issue is included in Windows 2000 Security Roll-up Package 1

Report a problem with article
Next Article

Personal Jetpack

Previous Article

Exchange 2000 System Attendant Incorrectly Sets Remote Registry Permissions

-1 Comments - Add comment

Advertisement