Open Source and information security mailing list archives
Message-ID: <42372CEE.1010003@altervista.org>
Date: Tue, 15 Mar 2005 19:43:58 +0100
From: Komrade <unsecure@...ervista.org>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: GoodTech Telnet Server Buffer Overflow Vulnerability

AUTHOR

Komrade
unsecure@...ervista.org
Original advisory: http://unsecure.altervista.org/security/goodtechtelnet.htm

DATE

15/03/2005

PRODUCT

The product turns a Windows NT/2000/XP/2003 system into a multi-user Telnet server. Gives Telnet users full access to Windows NT command line.
(information from the website http://www.goodtechsys.com)

Administration commands can be performed via a web browser. This feature gives you a Graphic interface to administrate the Telnet Server product.
(information from the readme.htm file)

AFFECTED VERSION

All versions prior to 5.0.7 (version fixed by the vendor)

Versions verified to be vulnerable:
5.0
4.0

DETAILS

This program has a vulnerability in the administration web server, which runs on the default port 2380.
If a very long string (10040 bytes) terminated by two newline characters is sent to this server, a buffer overflow occurs, overwriting the instruction pointer and making it possible to execute arbitrary code remotely in the LOCAL_SYSTEM context.

POC EXPLOIT

You can find a proof of concept exploit that crashes vulnerable servers at:
http://unsecure.altervista.org/security/gtscrash.c.txt

VENDOR STATUS

I notified the vendor of this vulnerability on 14/03/2005 and they fixed it in the new version 5.0.7.
See http://www.goodtechsys.com to download the new fixed version.

VULNERABILITY TIMELINE

11/03/2005 Vulnerability found.
14/03/2005 Vendor contacted.
15/03/2005 Vendor reply.
15/03/2005 Vulnerability fixed. A new version of GoodTech Telnet Server is now available.

--
- Unsecure Programs -
- http://unsecure.altervista.org -

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
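
Added example (not part of the original advisory and not GoodTech's code): one way a server can collect a request terminated by two newlines, as in DETAILS above, while checking the length before every byte it stores. The advisory does not show the vulnerable code; the 4096-byte cap and all names below are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define HDR_MAX 4096  /* assumed cap; not a value from the advisory or vendor */
enum hdr_status { HDR_NEED_MORE, HDR_COMPLETE, HDR_TOO_LONG };

struct hdr_buf {
    char   data[HDR_MAX];
    size_t len;        /* bytes stored so far */
};

static void hdr_init(struct hdr_buf *h) { h->len = 0; }

/* True when the stored bytes end with a blank line: "\n\n" or "\n\r\n". */
static int hdr_terminated(const struct hdr_buf *h)
{
    size_t n = h->len;
    if (n >= 2 && h->data[n - 1] == '\n' && h->data[n - 2] == '\n')
        return 1;
    return n >= 3 && h->data[n - 1] == '\n' && h->data[n - 2] == '\r'
                  && h->data[n - 3] == '\n';
}

/* Feed one received chunk. The bound is checked before every store, and the
   terminator is found even when it is split across two chunks. */
static enum hdr_status hdr_feed(struct hdr_buf *h, const char *chunk, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (h->len == HDR_MAX)
            return HDR_TOO_LONG;   /* caller rejects and closes the connection */
        h->data[h->len++] = chunk[i];
        if (hdr_terminated(h))
            return HDR_COMPLETE;
    }
    return HDR_NEED_MORE;
}

/* Constructed input with the shape the advisory describes: 10040 filler
   bytes followed by two newlines. */
static enum hdr_status demo_oversized(void)
{
    static char big[10042];
    struct hdr_buf h;
    memset(big, 'A', 10040);
    big[10040] = big[10041] = '\n';
    hdr_init(&h);
    return hdr_feed(&h, big, sizeof big);
}

int main(void) { printf("%d\n", demo_oversized()); return 0; }
```

With this structure the oversized request is refused at the cap instead of being copied past the end of the buffer.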