Microsoft Telnet Can Be Crashed Locally, Causing Other Applications Including Outlook Express To Crash
SecurityTracker Alert ID: 1001209
SecurityTracker URL: http://securitytracker.com/id/1001209
Date: Mar 31 2001
Denial of service via local system
Exploit Included: Yes
Version(s): NT4 Workstation with Service Pack 4, probably others
A vulnerability has been reported in the version of Telnet that ships with most Microsoft systems. It allows a local user to crash several applications, including Outlook Express.
It is reported that filling the "Host Name" buffer (Connect/Remote System/Host Name) with the maximum of 256 characters and pressing "Connect" (tested with 256 "A" characters) crashes the application. Telnet does not close down; instead, it displays a "Connection Failed!" message.
The vulnerability is not triggered if Outlook Express is open/active.
After the crash, Outlook Express will not start. The system must be rebooted before Telnet and Outlook Express return to normal operation.
A local user can cause Telnet and other applications to crash, requiring a system restart before normal operations return.
No solution was available at the time of this entry.
Vendor URL: www.microsoft.com/technet/security/
Underlying OS: Windows (Any)
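The advisory does not state the root cause inside telnet.exe. As an added example (not code from Microsoft, SecurityTracker or the original poster), the C function below shows the kind of length and character check that stops a maximum-length "Host Name" entry, such as the 256-character string described above, before it is copied into a fixed-size buffer. The name `copy_host_name`, the status codes and the use of the DNS limits (253 characters per name, 63 per label) are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define DNS_NAME_MAX  253   /* longest textual DNS name */
#define DNS_LABEL_MAX 63    /* longest single label between dots */

enum host_status { HOST_OK, HOST_EMPTY, HOST_TOO_LONG, HOST_BAD_CHAR, HOST_BAD_LABEL };

/* Hypothetical helper: validate the text typed into a host-name field and
 * copy it into dst only if it fits. input need not be NUL-terminated. */
enum host_status copy_host_name(char *dst, size_t dst_size,
                                const char *input, size_t input_len)
{
    const char *nul;
    size_t len, i, label = 0;

    if (dst == NULL || dst_size == 0 || input == NULL)
        return HOST_EMPTY;
    dst[0] = '\0';                       /* dst is always a valid string */

    nul = memchr(input, '\0', input_len);
    len = nul ? (size_t)(nul - input) : input_len;
    if (len == 0)
        return HOST_EMPTY;
    /* Reject before copying; len + 1 reserves room for the terminator. */
    if (len > DNS_NAME_MAX || len + 1 > dst_size)
        return HOST_TOO_LONG;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)input[i];
        if (c == '.') {
            if (label == 0)
                return HOST_BAD_LABEL;   /* leading dot or ".." */
            label = 0;
        } else if (isalnum(c) || c == '-') {
            if (++label > DNS_LABEL_MAX)
                return HOST_BAD_LABEL;
        } else {
            return HOST_BAD_CHAR;
        }
    }
    memcpy(dst, input, len);             /* len < dst_size is guaranteed here */
    dst[len] = '\0';
    return HOST_OK;
}
```

On rejection the destination is left as an empty string, so a caller that ignores the status code still never sees a partially copied or unterminated name.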
Source Message Contents
Subject: Local Bufferoverflow/Vulnerability in Telnet.exe
Made in Holland
PCP/A #0006 (pr0ph)
Local Bufferoverflow/Vulnerability in Telnet.exe
The version of Telnet that is shipped with most Microsoft systems contains a
buffer that can be overflowed which will result in the Denial of Service of
several applications including OutlookExpress.
If you fill up the "Host Name" buffer (Connect/Remote System/Host Name) with
the maximum of 256 chars and press "Connect" (tested with 256 "A"
characters). Also note that this bug will not get triggered if
OutlookExpress is open/active, it has to be closed. You will receive the
following "Dr. Watson for Windows NT" error:
"An application error has occured and an application error log is being
Exception: access violation (0x00000005), Address 0x00780078"
This will create a USER.DMP file in your WINNT directory (all Dr. Watson
warnings will create a USER.DMP file actually). However Telnet will not
close down but will display a "Connection Failed!" message.
If you try to start OutlookExpress after this you will notice that it
won't start. After a few minutes you'll get (in some cases) this error:
"msimn.exe - DLL Initialization Failed
Initialization of the dynamic link library C:\WINNT\System32\rascauth.dll
Failed. The process is terminating abnormally."
OE will NOT start until you have rebooted your system. Logging in as another user
without rebooting will NOT help. Note that if you triggered the bug you will
have to reboot your system before you will be able to trigger/reproduce it
This is tested on Windows NT4 Workstation with Service Pack 4.
Try it yourself and please let us know the results (if they vary from the
results mentioned above). Please mail us at:
Special_Projects@cazzz.demon.nl (The Lab)
Industrial_Strength@cazzz.demon.nl (The Exploiters)
Another fine Planet Cazzz Production. In association with The Nations Top.
We cannot be held responsible for your actions, but you can try. Made in
Holland. PCP/A #0006 (pr0ph)
We want to say hell0 to all the Crackers, the Hackers and the Phreax. We
want to say hell0 to all the people in this place. We want to say hell0 to
all the Sinners and 31337. We say hell0 to all the people in the world...
-No Strezzz Cazzz, Powered By UN0X
Vengeance is here, it's time to resurrect. Anger without ph34r: The Bulld0zer