Securityvulns SECURITYVULNS:DOC:18797
Jan 04, 2008

Denial of Service in Pragma TelnetServer 7.0.4.589


#######################################################################

                         Luigi Auriemma

Application: Pragma TelnetServer
http://www.pragmasys.com/PragmaTelnetServer.asp
Versions: <= 7.0 Build 4 Revision 589
Platforms: Windows
Bug: Denial of Service
Exploitation: remote
Date: 02 Jan 2008
Author: Luigi Auriemma
e-mail: [email protected]
web: aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction

Pragma TelnetServer is a commercial telnet server for Windows.

#######################################################################

======
2) Bug

The telnetd.exe process, which is started for each incoming connection,
is affected by a NULL pointer vulnerability during the handling of the
TELOPT PRAGMA LOGON telnet option (number 138).

Although the termination of a single process doesn't affect the others,
access to the server can be denied by terminating at least 75 of these
processes, after which the server will be unreachable (all the current
SSH connections established before the last exception will remain up).

This effect wears off gradually as the admin clicks on the error
messages, but naturally the attacker can continue the attack, keeping
the server permanently unreachable.
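
A defender-side check for the option named above, added here as an example
that is not part of the original advisory: it walks a reassembled client byte
stream per RFC 854 and reports every negotiation command that references
option 138. The advisory does not say which telnet command triggers the fault,
so flagging every reference is an assumption; the function name and the sample
bytes are constructed for illustration.

```python
# Added example (not from the advisory): find telnet negotiation of option 138.
IAC, SE, SB, WILL, WONT, DO, DONT = 255, 240, 250, 251, 252, 253, 254
PRAGMA_LOGON = 138  # option number given in the advisory
NAMES = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT", SB: "SB"}


def find_option_refs(stream: bytes, option: int = PRAGMA_LOGON):
    """Return [(offset, command)] for each IAC command that names `option`."""
    hits, i, n = [], 0, len(stream)
    while i < n:
        if stream[i] != IAC:
            i += 1              # ordinary data byte
            continue
        if i + 1 >= n:
            break               # capture ends in the middle of a command
        cmd = stream[i + 1]
        if cmd == IAC:
            i += 2              # IAC IAC is an escaped 0xFF data byte
        elif cmd in NAMES:
            if i + 2 >= n:
                break           # option byte missing from the capture
            if stream[i + 2] == option:
                hits.append((i, NAMES[cmd]))
            i += 3
            if cmd == SB:
                # Skip the subnegotiation payload up to IAC SE, stepping over
                # escaped bytes so payload data is never parsed as a command.
                while i + 1 < n and not (stream[i] == IAC and stream[i + 1] == SE):
                    i += 2 if stream[i] == IAC else 1
                i += 2
        else:
            i += 2              # two-byte command such as NOP or GA
    return hits


# Constructed sample of client-to-server bytes (not real traffic).
SAMPLE = (
    bytes([IAC, WILL, 24])                 # WILL TERMINAL-TYPE, benign
    + b"user\xff\xff\x8a\r\n"              # data: escaped 0xFF, then a 0x8a byte
    + bytes([IAC, SB, 24, 0]) + b"vt100" + bytes([IAC, SE])
    + bytes([IAC, DO, PRAGMA_LOGON])       # negotiation that names option 138
)

if __name__ == "__main__":
    print(find_option_refs(SAMPLE))
```

The data bytes 0xFF 0xFF 0x8A in the sample would match a naive byte-pattern
search for IAC followed by 138; the stateful walk skips them.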

#######################################################################

===========
3) The Code

http://aluigi.org/poc/pragmatel.zip

#######################################################################

======
4) Fix

No fix

#######################################################################