Reported January 5, 2004 by Donato Ferrante.
VERSIONS AFFECTED
- GoodTech Systems Telnet Server 4.0.103
DESCRIPTION
GoodTech Systems Telnet Server 4.0.103 contains a Denial of Service (DoS)
vulnerability. By sending an overly long string as input to the vulnerable
server, an attacker can cause the server to stop responding.
DEMONSTRATION
The discoverer posted the following demonstration as proof of concept:
To test the vulnerability, simply send a long string to the Telnet server:
perl -e 'print "a"x8245' | nc server 23
Alternatively, a string like:
aaaa[..a..]aa (8245 of a)
VENDOR RESPONSE
GoodTech Systems has released version 4.0.104, which isn't vulnerable to this condition.
CREDIT
Discovered by Donato Ferrante.