COMMAND

    BFTelnet Server

SYSTEMS AFFECTED

    BFTelnet Server v1.1 for Windows NT

PROBLEM

    UssrLabs found a remote DoS attack in BFTelnet Server v1.1 for
    Windows NT.  The buffer overflow is caused by a long user name
    (3090 characters).  If BFTelnet Server is running as a service, the
    service will exit and no messages are displayed on the screen.
    There is not much to expand on.... just a simple hole.  Example:

        [palometa@hellme]$ telnet example.com
        Trying example.com...
        Connected to example.com.
        Escape character is '^]'.
        Byte Fusion Telnet, Copyright 1999 Byte Fusion Corporation
        Unregistered Evaluation. See www.bytefusion.com/telnet.html
        (Machine name) Login: [buffer]

    Where [buffer] is approx. 3090 characters.  At this point the
    telnet server closes.

SOLUTION

    Nothing yet.  Vendor has been contacted.