Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
BID:2018
Info
Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
| Bugtraq ID: | 2018 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 30 2000 12:00AM |
| Updated: | Nov 30 2000 12:00AM |
| Credit: | Posted to Bugtraq on November 30, 2000 by Alexander Ivanchev <[email protected]>. |
| Vulnerable: |
Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Server Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server |
| Not Vulnerable: | |
Discussion
Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
The Telnet daemon shipped with Windows 2000 is susceptible to a trivial denial of service attack if an initiated session is not reset. After a certain interval of time, a telnet session will timeout if the user does not supply a username or password. The connection will not be reset until the user enters a character. If a malicious user were to connect to a Windows 2000 telnet daemon and not reset the connection, they would effectively deny any other access to the telnet server because the maximum number of client connections is 1. Any other user that attempts to connect to the telnet server during that time will receive the following error message:
Microsoft Windows Workstation allows only 1 Telnet Client License
Server has closed connection
Viewing 'List the Current Users' option will not display the timed out session because successful authorization did not take place.
The Telnet daemon shipped with Windows 2000 is susceptible to a trivial denial of service attack if an initiated session is not reset. After a certain interval of time, a telnet session will timeout if the user does not supply a username or password. The connection will not be reset until the user enters a character. If a malicious user were to connect to a Windows 2000 telnet daemon and not reset the connection, they would effectively deny any other access to the telnet server because the maximum number of client connections is 1. Any other user that attempts to connect to the telnet server during that time will receive the following error message:
Microsoft Windows Workstation allows only 1 Telnet Client License
Server has closed connection
Viewing 'List the Current Users' option will not display the timed out session because successful authorization did not take place.
Exploit / POC
Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
See discussion.
See discussion.
Solution / Fix
Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
References:
References: