-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pragma Systems response to USSRLabs report

On February 22, 2000, Pragma Systems received an anonymous email regarding a security issue reported to NT Security News, hosted by Windows 2000 magazine, with our InterAccess TelnetD Server 4.0 for NT. We took immediate action to determine if a problem existed.

After researching the report and the company reporting the issue, USSRLabs, we have determined that a possible problem could exist. We have been unable to duplicate the problem with the January 5, 2000 Build 7 release available from our site. We have tested our server installed on NT4 SP5, Windows 2000 Build 2128, and NT4 SP 6a.

From the USSRLabs website, we have discovered that they tested with Build 4, build date of May 4, 1998, and did not complete the testing with the latest version to determine if the problem had been fixed. Please note that this company did report the problem as occurring with a build nearly 2 years old. We do not have any information about what type of system USSRLabs did their testing on.

The reported problem results in a 100% CPU usage. From our experience this is caused by a Winsock error during a recv() call. It is possible that this error would only occur on systems running the Service packs with winsock updates.

Pragma Systems has requested testing procedures from USSRLabs to verify if a service pack update was attempted to solve the problem. At this time, we have little information about how this result was produced.

Solutions to this problem are to update service packs and InterAccess TelnetD Server 4.0 to the latest build.

For any further information on our testing and available updates, contact Beth Henry, Software Project Lead, at [EMAIL PROTECTED]

Thank you for taking the time to research this issue for yourself.

Pragma Systems, Inc.
13706 Research Blvd, #301
Austin, TX 78750
(512) 219-7270
[EMAIL PROTECTED]

from http://www.pragmasys.com/USSR_response.htm

- ----------------------------------------------------------------------
- ----------------------------------------------------

It appears the people of Pragma Systems do not understand what the real problem is. The exploit (from us) caused 100% usage; there are no problems in Winsock or the service packs.

The program TelnetD has the problem in its implementation of recv, which has an unchecked buffer, which causes a buffer overflow.

u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
http://www.ussrback.com

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOLRIKdybEYfHhkiVEQLMfgCfbwI2z1fgQHWxwlwK0C12/hDS1w8Anip+
4iYqngt3kvT9GtotTMVtJfT3
=t1KQ
-----END PGP SIGNATURE-----
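
The two failure modes named in this exchange, a receive loop that spins when recv() stops returning data and a receive buffer filled without a length check, can both be closed in the same read routine. The sketch below is an added example, not code from Pragma Systems or USSRLabs; it uses POSIX sockets and a local socketpair so it runs offline (Winsock's recv() likewise returns 0 on close and SOCKET_ERROR on failure), and `read_line`, `demo`, `LINE_CAP` and the `RL_*` codes are hypothetical names.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

enum { LINE_CAP = 256 };   /* hypothetical per-line limit */
enum { RL_LINE = 0, RL_CLOSED = -1, RL_ERROR = -2, RL_TOO_LONG = -3 };

/* Read one '\n'-terminated line from fd into out[cap]; out is always NUL-terminated. */
static int read_line(int fd, char *out, size_t cap, size_t *len)
{
    size_t used = 0;
    if (cap == 0) return RL_ERROR;
    out[0] = '\0'; *len = 0;
    for (;;) {
        char c;
        ssize_t n = recv(fd, &c, 1, 0);    /* one byte per call keeps the sketch short */
        if (n == 0) return RL_CLOSED;      /* peer closed: leave the loop, never spin */
        if (n < 0) {
            if (errno == EINTR) continue;  /* only a signal interruption is retried */
            return RL_ERROR;               /* any other error ends the session */
        }
        if (c == '\n') { *len = used; return RL_LINE; }
        if (used + 1 >= cap) return RL_TOO_LONG;  /* length check before every store */
        out[used++] = c;
        out[used] = '\0';
    }
}

/* Constructed input: push payload through a local socketpair, then close the sender. */
static int demo(const char *payload, size_t plen, char *out, size_t cap, size_t *len)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return RL_ERROR;
    ssize_t w = send(sv[0], payload, plen, 0);
    close(sv[0]);
    int rc = (w == (ssize_t)plen) ? read_line(sv[1], out, cap, len) : RL_ERROR;
    close(sv[1]);
    return rc;
}

int main(void)
{
    char buf[LINE_CAP]; size_t len = 0;
    int rc = demo("login\nrest", 10, buf, sizeof buf, &len);
    printf("rc=%d line=\"%s\" len=%zu\n", rc, buf, len);
    return rc == RL_LINE ? 0 : 1;
}
```

A caller that receives `RL_CLOSED`, `RL_ERROR` or `RL_TOO_LONG` should drop the connection rather than call `read_line` again on the same socket.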