GAMSoft Telsrv DoS Vulnerability

Bugtraq ID:	1478
Class:	Boundary Condition Error
CVE:	CVE-2000-0665
Remote:	Yes
Local:	Yes
Published:	Jul 17 2000 12:00AM
Updated:	Feb 01 2008 06:47PM
Credit:	Discovered by Prizm <[email protected]> on July 17, 2000. Additional information provided by Patrick Webster <[email protected]> on July 28, 2000.
Vulnerable:	GAMSoft Telsrv 1.5 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 GAMSoft Telsrv 1.4 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0
Not Vulnerable:

GAMSoft Telsrv DoS Vulnerability

GAMSoft Telsrv telnet server is prone to a trivial denial-of-service attack. If a malicious user were to connect to port 23 and supply a username of approximately 4550 characters, the telnet application would crash. Restarting the service is required to regain normal functionality.

In some cases, Telsrv will return an error message that contains a valid username and password in plain-text format. This can be used to gain unauthorized access to the telnet server.

GAMSoft Telsrv DoS Vulnerability

The following exploit code is available as a module for the Metasploit Framework:

• /data/vulnerabilities/exploits/1478-gamsoft_telsrv_username.rb

GAMSoft Telsrv DoS Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

GAMSoft Telsrv DoS Vulnerability

References:

• DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k. (NTBugtraq)
  
• GAMSoft Homepage (GAMSoft)
  
• TelSrv Reveals Usernames & Passwords After DoS Attack (NTBugtraq)