Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
Spyware Doctor Enterprise
Help me choose
Unchecked Buffer in Telnet Server Could Lead to Arbitrary Code Execution New
A security vulnerability exists in the Telnet service of Microsoft Windows 2000 and Microsoft Interix 2.2 which could allow a remote user to cause a denial of service or to execute code of their choice on the system.
Issue
The Telnet protocol provides remote shell capabilities. Microsoft has implemented the Telnet protocol by providing a Telnet Server in several products. The implementations in two of these products – Windows 2000 and Interix 2.2 – contain unchecked buffers in the code that handles the processing of telnet protocol options.
An attacker could use this vulnerability to perform a buffer overflow attack. A successful attack could cause the Telnet Server to fail, or in some cases, could possibly allow an attacker to execute code of her choice on the system. Such code would execute using the security context of the Telnet service, but this context varies from product to product. In Windows 2000, the Telnet service always runs as System; in the Interix implementation, the administrator selects the security context in which to run as part of the installation process.
Affected Products
- Microsoft Windows 2000, Microsoft Interix 2.2
Solution
A software patch is available from the followin locations:
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: February 7, 2002
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
