On Wed, 20 Jul 2005, Bilal Nasrallah wrote:
Hi Folks, I've run a scan on one of our devices and the report highlighted a security hole in the telnet server (TCP port 23). It reported the following: "The Telnet server does not return an expected number of replies when it receives a long sequence of 'Are You There' commands. This probably means it overflows one of its internal buffers and crashes. It is likely an attacker could abuse this bug to gain control over the remote host's super user." However, the box didn't crash! Is it still a high vulnerability?
Hi Bilal, Did the telnet service crash though? When you send SYN packets to port 23 on the target machine do you receive SYN/ACK in return (you can test this with hping). -- - Josh
Thanks, Bilal Nasrallah Network Management Engineering Information Services Nortel ESN 393-3791 or (613) 763-3791 Mailstop 04351M18 Ottawa, Ontario Email: [EMAIL PROTECTED]
-- - Josh GPG: 445F 7FB3 3D99 EE8C 99A4 4313 352D FFD4 02B2 C7F3 _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
