Telnet vulnerability


Tedob1
February 10th, 2002, 12:47 AM
I don’t know how many of you get this bulletin, I didn’t really read it until today because I don’t use the telnet server.

Wasn’t this reported last year by them? Oh! That’s right, last year it was the client!

----------------------------------------------------------------------
Title: Unchecked Buffer in Telnet Server Could Lead to Arbitrary
Code Execution
Date: 07 February 2002
Software: Telnet Service in Microsoft Windows 2000; Telnet
Daemon in Microsoft Interix 2.2
Impact: Denial of Service; Possibly Run Code of Attacker's Choice
Max Risk: Moderate

//*** catch this! An attacker can run anything he/she wants on your server, and they call it a moderate risk! ***//

Bulletin: MS02-004

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-004.asp.
----------------------------------------------------------------------

Issue:
======
The Telnet protocol provides remote shell capabilities. Microsoft has
implemented the Telnet protocol by providing a Telnet Server in
several products. The implementations in two of these products
- Windows 2000 and Interix 2.2 - contain unchecked buffers in the
code that handles the processing of telnet protocol options.

An attacker could use this vulnerability to perform a buffer
overflow attack. A successful attack could cause the Telnet Server
to fail, or in some cases, could possibly allow an attacker to
execute code of her choice on the system. Such code would execute
using the security context of the Telnet service, but this context
varies from product to product. In Windows 2000, the Telnet service
always runs as System; in the Interix implementation, the
administrator selects the security context in which to run as part
of the installation process.


*~*~Here’s the best part:~*~*

Mitigating Factors:
====================
- While the Telnet Service in Windows 2000 is installed by default,
it is not running by default. As a result, a Windows 2000 system
would only be vulnerable if the administrator had started the
service


*~*~ It’s only vulnerable when it’s running. Well that’s a relief ~*~*


~*~* And how about this *~*~

- Remotely exploiting this vulnerability would require the attacker
to have the ability to connect to the Telnet Server.


~*~* I guess this means an attacker could only exploit this hole if they had a computer. ??? *~*~
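
The bulletin quoted above says only that the flaw is an unchecked buffer in the code that processes telnet protocol options. As an added example (not Microsoft's code and not part of the original post), here is a minimal option parser showing the length check that bug class lacks; the names, the `SB_MAX` cap and the sample input are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

enum { SE = 240, SB = 250, WILL = 251, DONT = 254, IAC = 255 };
#define SB_MAX 64                 /* assumed cap on one subnegotiation */

enum state { S_DATA, S_IAC, S_OPT, S_SB, S_SB_IAC };
struct telnet { enum state st; unsigned char sb[SB_MAX]; size_t len; unsigned done; };

/* Store one subnegotiation byte; the length check is the whole fix. */
static int sb_put(struct telnet *t, unsigned char c)
{
    if (t->len >= SB_MAX) return -1;   /* an unchecked parser omits this */
    t->sb[t->len++] = c;
    return 0;
}

/* Returns 0, or -1 when the peer exceeds SB_MAX (drop the connection). */
int telnet_feed(struct telnet *t, const unsigned char *p, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        unsigned char c = p[i];
        switch (t->st) {
        case S_DATA:   if (c == IAC) t->st = S_IAC; break;
        case S_IAC:    if (c == SB) { t->len = 0; t->st = S_SB; }
                       else t->st = (c >= WILL && c <= DONT) ? S_OPT : S_DATA;
                       break;
        case S_OPT:    t->st = S_DATA; break;           /* option code byte */
        case S_SB:     if (c == IAC) t->st = S_SB_IAC;
                       else if (sb_put(t, c)) return -1;
                       break;
        case S_SB_IAC: if (c == SE) { t->done++; t->st = S_DATA; }
                       else if (c != IAC) t->st = S_DATA;   /* malformed */
                       else if (sb_put(t, IAC)) return -1;
                       else t->st = S_SB;                   /* escaped 0xFF */
                       break;
        }
    }
    return 0;
}

/* Constructed input: IAC SB <option 24> <fill 'A' bytes> IAC SE. */
int demo(size_t fill)
{
    static unsigned char msg[4101];
    struct telnet t = { S_DATA, {0}, 0, 0 };
    if (fill > 4096) return -2;
    msg[0] = IAC; msg[1] = SB; msg[2] = 24;
    memset(msg + 3, 'A', fill);
    msg[3 + fill] = IAC; msg[4 + fill] = SE;
    return telnet_feed(&t, msg, fill + 5);
}
```

The option byte counts toward the cap, so `demo(63)` fills the buffer exactly and is accepted, while `demo(64)` is rejected before the 65th byte is written.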

ac1dsp3ctrum
February 10th, 2002, 01:25 AM
Wow... Look at M$ try to explain themselves... It almost sounds normal... But then you read the part that says 'You are only vulnerable when the service is running' And all is lost for M$ again ;)

gold eagle
February 10th, 2002, 01:38 AM
I suppose there is not one part of that company's product that is not vulnerable is there?

I have built entire company networks from scratch and always the most crap comes from the m$ apps and os. I'm ashamed to say I've put it in place but the client wanted it - so -....

ac1dsp3ctrum
February 10th, 2002, 02:25 AM
I think with M$'s track record you'll be hacked even if you're offline LOL....

linuxcomando
February 10th, 2002, 02:44 AM
Yet people still use telnet...

Valentino
February 11th, 2002, 03:55 AM
what is telnet ?
sorry i am a real newbie and so clueless :S

Valentino

Tedob1
February 11th, 2002, 05:18 AM
--------
what is telnet ?
sorry i am a real newbie and so clueless :S
-------

open a dos prompt and type:

telnet bbs.zgnews.com

if this is your first telnet experience, you've just found another part of the internet.
i don't know what kind of news zg has, my old links don't work anymore so i picked one from

http://www.thedirectory.org/telnet/index.sht

before there were boards like this one, this is how hackers (and other special interest groups) used to exchange ideas (and other things) and they still do. there's a lot of renegade telnet servers that aren't connected to the internet, you have to dial in to them. A lot fewer prying eyes.

Telnet can be used for a lot of things besides BBSing, like sending/receiving mail, administering a remote machine, bbs chat, a client for some trojans, or to help find out what services are running on different ports.

There are a few tutorials in the tutorials forum on telnet.

hope this helped

Vorlin
February 11th, 2002, 04:51 PM
Man..when is MS going to realize they shouldn't run services of any kind? Buffer overflows are the most common in their packages and are exploited like nobody's business. Christ, they never learn...

chsh
February 11th, 2002, 05:46 PM
Well, just wait until the next incarnation of Nimda uses this as an attack method. Virus/Worm hybrids are getting very dangerous now with the capability to attack multiple targets. I don't think it'll be long before we start seeing Virus/Worm combinations that exploit three or four hundred vulnerabilities. Imagine one that used a Windows Update like feature...

/me shudders

When will people learn to not use MS on the server?

Focmaester
February 11th, 2002, 05:49 PM
Try using Putty, it's free and provides SSH.

nietzsche
February 11th, 2002, 06:35 PM
Ah, telnet. You know, when the internet was Arpanet, this was great - total, complete, full access simply and quickly - no pesky security stuff to get in the way of anything. However, this antiquated beast still lurks around because admins won't install SSH (working with my University right now to get SSH rolled on their servers - but, no, "there's nothing wrong with telnet"), and because users won't install SSH clients (good call on putty, Focmaester! - you can also head to openssh.org (http://openssh.org) , if I remember correctly, to get clients for all kinds of OS's) and won't pressure their local / upstream admins to install SSH. Of course, in a cluster you don't want SSH - it eats about 10% of your bandwidth over rlogin/rexec scripts.

<sigh> Yeah, this is fragmented ... time to make my brain contiguous again, I guess! Oh, well ... grennies are being packed off to Focmaester as I speak now. :)

nietzsche
February 11th, 2002, 06:49 PM
Head here:
Telnet Question from Earlier (http://www.antionline.com/showthread.php?s=&threadid=139159)

souleman
February 11th, 2002, 07:16 PM
Pretty soon MS is going to implement its own SSH server, then claim they invented it. Make everyone dl a proprietary client. Which of course will be insecure, and make themselves look stupid again. But hey, what's new?

gold eagle
February 11th, 2002, 07:39 PM
I was like when ms announced with great fanfare that Kerberos was going be a good part of the win2k ad nightmare. Or for that matter they introduced the term multitasking when win95 was rolled out. Wow. I mean, we sure are impressed bill. You've managed it again; namely, taking something that has been around for years and passed it off as your own.

It reminds me of the active directory presentation we sat through. After the obligatory refreshment break they went on to mention "how" it works. Those of us from the unix and novell background group looked at each other in amazement.

mindfuck
May 9th, 2003, 03:26 PM
That's pretty crazy. I've seen people open the telnet service up.. for webservers and what not, I don't know why they wouldn't just use SSHD, I believe there's a win32 port of this server. 3DES encryption going over the internet versus plain raw text.. (afaik)

n01100110
May 9th, 2003, 04:19 PM
Yeah, ssh is the way to go if you want your data encrypted across the line. But Putty is the best client program because it has ssh built inside of it. But yeah, definitely don't log into a regular telnet server, because anyone with a packet sniffer can pick up your passwords easily.