AUTHOR Komrade unsecure@xxxxxxxxxxxxxx
Original advisory: http://unsecure.altervista.org/security/goodtechtelnet.htm
DATE 15/03/2005
PRODUCT The product turns a Windows NT/2000/XP/2003 system into a multi-user Telnet server. Gives Telnet users full access to Windows NT command line. (informations from the website http://www.goodtechsys.com) Administration commands can be performed via a web browser. This feature gives you a Graphic interface to administrate the Telnet Server product. (informations from readme.htm file)
AFFECTED VERSION All verion prior to 5.0.7 (version fixed by the vendor)
Versions verified to be vulnerable: 5.0 4.0
DETAILS This program has a vulnerabilty in the administration web server, which runs on the default port 2380. If a very long string (10040 bytes) ended by two newline characters is sent to this server, a buffer overflow vulnerability occurs, overwriting the instruction pointer and giving the possibility to execute arbitrary code remotely in the LOCAL_SYSTEM context.
POC EXPLOIT You can find a proof of concept exploit that crashes the vulnerable servers on: http://unsecure.altervista.org/security/gtscrash.c.txt
VENDOR STATUS I notified this vulnerability to the vendor on 14/03/2005 and they fixed it in the new version 5.0.7 See http://www.goodtechsys.com to download the new fixed version.
VULNERABILITY TIMELINE 11/03/2005 Vulnerability found. 14/03/2005 Vendor contacted. 15/03/2005 Vendor reply. 15/03/2005 Vulnerability fixed. A new version of GoodTech Telnet Server is now avaible.
-- - Unsecure Programs - - http://unsecure.altervista.org -
