SecurityTracker.com
Category:   Application (Generic)  >   Telnet
Vendors:   Microsoft
Microsoft Telnet Can Be Crashed Locally, Causing Other Applications Including Outlook Express To Crash
SecurityTracker Alert ID:  1001209
SecurityTracker URL:  http://securitytracker.com/id/1001209
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 31 2001
Impact:   Denial of service via local system
Exploit Included:  Yes  
Version(s): NT4 Workstation with Service Pack 4, probably others
Description:   A vulnerability has been reported in the version of Telnet that is shipped with most Microsoft systems. It allows a local user to crash several applications, including Outlook Express.

It is reported that if you fill up the "Host Name" buffer (Connect/Remote System/Host Name) with the maximum of 256 characters and press "Connect" (tested with 256 "A" characters), the application will crash but will not close down. Instead, it will display a "Connection Failed!" message.

The vulnerability will not be triggered if Outlook Express is open/active.

After the crash, Outlook Express will not start. The system must be rebooted for normal operation of Telnet and Outlook Express to return.

Impact:   A local user can cause Telnet and other applications to crash, requiring a system restart before normal operations return.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/technet/security/
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Local Bufferoverflow/Vulnerability in Telnet.exe


Made in Holland
PCP/A #0006 (pr0ph)


Local Bufferoverflow/Vulnerability in Telnet.exe



The version of Telnet that is shipped with most Microsoft systems contains a
buffer that can be overflowed which will result in the Denial of Service of
several applications including OutlookExpress.



If you fill up the "Host Name" buffer (Connect/Remote System/Host Name) with
the maximum of 256 chars and press "Connect" (tested with 256 "A"
characters).  Also note that this bug will not get triggered if
OutlookExpress is open/active; it has to be closed. You will receive the
following "Dr. Watson for Windows NT" error:

"An application error has occured and an application error log is being
generated.

RASMAN.exe

Exception: access violation (0x00000005), Address 0x00780078"

This will create a USER.DMP file in your WINNT directory (all Dr. Watson
warnings will create a USER.DMP file actually). However Telnet will not
close down but will display a "Connection Failed!" message.

If you try to start OutlookExpress after this, you will notice that it
won't start. After a few minutes you'll get (in some cases) this error:

"msimn.exe - DLL Initialization Failed

Initialization of the dynamic link library C:\WINNT\System32\rascauth.dll
Failed. The process is terminating abnormally."

OE will NOT start until you have rebooted your system. Logging in as another user
without rebooting will NOT help. Note that if you triggered the bug you will
have to reboot your system before you will be able to trigger/reproduce it
again.

This was tested on Windows NT4 Workstation with Service Pack 4.

Try it yourself and please let us know the results (if they vary from the
results mentioned above). Please mail us at:

Special_Projects@cazzz.demon.nl (The Lab)
Industrial_Strength@cazzz.demon.nl (The Exploiters)


Another fine Planet Cazzz Production. In association with The Nations Top.
We cannot be held responsible for your actions, but you can try. Made in
Holland. PCP/A #0006 (pr0ph)

We want to say hell0 to all the Crackers, the Hackers and the Phreax. We
want to say hell0 to all the people in this place. We want to say hell0 to
all the Sinners and 31337. We say hell0 to all the people in the world...



-No Strezzz Cazzz, Powered By UN0X

Vengeance is here, it's time to resurrect. Anger without ph34r: The Bulld0zer
Project...
