February 9th, 2002 02:28 AM
Windows Security 2000
Microsoft has a patch for Windows 2000 and Internix 2.2 that fixes a vulnerability in the telnet protocol. Unchecked Buffer in Telnet Server Could Lead to Arbitrary Code Execution
An attacker could use this vulnerability to perform a buffer overflow attack. A successful attack could cause the Telnet Server to fail, or in some cases, could possibly allow an attacker to execute code of her choice on the system. Such code would execute using the security context of the Telnet service, but this context varies from product to product. In Windows 2000, the Telnet service always runs as System; in the Interix implementation, the administrator selects the security context in which to run as part of the installation process.