I don’t know how many of you get this bulletin, I didn’t really read it until today because I don’t use the telnet server.

Wasn’t this reported last year by them? Oh! That’s right, last year it was the client!

----------------------------------------------------------------------
Title: Unchecked Buffer in Telnet Server Could Lead to Arbitrary
Code Execution
Date: 07 February 2002
Software: Telnet Service in Microsoft Windows 2000; Telnet
Daemon in Microsoft Interix 2.2
Impact: Denial of Service; Possibly Run Code of Attacker's Choice
Max Risk: Moderate

//*** catch this! An attacker can run anything he/she wants, on your server and they call it a moderate risk! ***//

Bulletin: MS02-004

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/sec.../MS02-004.asp.
----------------------------------------------------------------------

Issue:
======
The Telnet protocol provides remote shell capabilities. Microsoft has
implemented the Telnet protocol by providing a Telnet Server in
several products. The implementations in two of these products
- Windows 2000 and Interix 2.2 - contain unchecked buffers in the
code that handles the processing of telnet protocol options.

An attacker could use this vulnerability to perform a buffer
overflow attack. A successful attack could cause the Telnet Server
to fail, or in some cases, could possibly allow an attacker to
execute code of her choice on the system. Such code would execute
using the security context of the Telnet service, but this context
varies from product to product. In Windows 2000, the Telnet service
always runs as System; in the Interix implementation, the
administrator selects the security context in which to run as part
of the installation process.


*~*~Here’s the best part:~*~*

Mitigating Factors:
====================
- While the Telnet Service in Windows 2000 is installed by default,
it is not running by default. As a result, a Windows 2000 system
would only be vulnerable if the administrator had started the
service


*~*~ It’s only vulnerable when it’s running. Well that’s a relief ~*~*


~*~* And how about this *~*~

- Remotely exploiting this vulnerability would require the attacker
to have the ability to connect to the Telnet Server.


~*~* I guess this means an attacker could only exploit this hole if they had a computer. ??? *~*~
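
Added example, not part of the original post or the bulletin: the "Issue" section names unchecked buffers in telnet option processing but gives no further detail, so this is an assumed, generic subnegotiation reader (function name, samples and buffer size are hypothetical) showing the bounds check such a handler needs before each write.

```c
#include <stdio.h>
#include <stddef.h>

enum { IAC = 255, SB = 250, SE = 240 };        /* RFC 854/855 command bytes */
enum { SB_MALFORMED = -1, SB_TOO_LONG = -2 };

/* Copy the payload of one "IAC SB <option> ... IAC SE" block into out.
 * Returns the payload length, or a negative code. An unchecked handler
 * would do out[n++] = c with no comparison against outcap. */
long telnet_read_sb(const unsigned char *in, size_t inlen,
                    unsigned char *out, size_t outcap)
{
    size_t i, n = 0;
    if (inlen < 3 || in[0] != IAC || in[1] != SB)
        return SB_MALFORMED;
    for (i = 3; i < inlen; i++) {              /* in[2] is the option code */
        unsigned char c = in[i];
        if (c == IAC) {
            if (++i >= inlen) return SB_MALFORMED;   /* truncated escape */
            c = in[i];
            if (c == SE) return (long)n;             /* IAC SE ends the block */
            if (c != IAC) return SB_MALFORMED;       /* only IAC IAC is data */
        }
        if (n >= outcap) return SB_TOO_LONG;   /* reject, never write past out */
        out[n++] = c;
    }
    return SB_MALFORMED;                       /* input ended without IAC SE */
}

/* Constructed sample inputs (option 24 = TERMINAL-TYPE, 0 = IS). */
static const unsigned char SAMPLE_OK[]    = { IAC, SB, 24, 0, 'V','T','1','0','0', IAC, SE };
static const unsigned char SAMPLE_ESC[]   = { IAC, SB, 24, 0, IAC, IAC, 'x', IAC, SE };
static const unsigned char SAMPLE_LONG[]  = { IAC, SB, 24, 0, 'A','A','A','A','A','A',
                                              'A','A','A','A','A','A', IAC, SE };
static const unsigned char SAMPLE_TRUNC[] = { IAC, SB, 24, 0, 'a' };
static unsigned char demo_buf[8];              /* deliberately small buffer */

int main(void)
{
    printf("ok=%ld esc=%ld long=%ld trunc=%ld\n",
           telnet_read_sb(SAMPLE_OK, sizeof SAMPLE_OK, demo_buf, sizeof demo_buf),
           telnet_read_sb(SAMPLE_ESC, sizeof SAMPLE_ESC, demo_buf, sizeof demo_buf),
           telnet_read_sb(SAMPLE_LONG, sizeof SAMPLE_LONG, demo_buf, sizeof demo_buf),
           telnet_read_sb(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC, demo_buf, sizeof demo_buf));
    return 0;
}
```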