---------- Forwarded message ---------- Date: Wed, 23 Feb 2000 10:59:20 -0600 From: Edith Myers <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Hello -- We have been in current contact with USSR Labs. I have also contacted NTSecurity.net regarding this issue. USSR Labs stated that they had contacted us and we had not contacted them back regarding this issue. In actuality, we had not received any contact from them prior to the release of the information regarding the Telnet Server issue. After we received information from NTSecurity.net stating that they had published this error on their web page, we contacted USSR Labs and they stated that they had tried to contact us from our Tech support web page but kept getting ODBC errors -- therefore, no contact had been received from them and we could not tell them that this is a BUILD 4 issue and we are currently on BUILD 7 (we have not sold build 4 or had it on our web site for download in over a year). We have come to find out that it may be a WinSock issue with older service packs which can be resolved by updating the service pack/WinSock or by downloading the latest version of InterAccess TelnetD Server for Windows NT 4.0 (build7). I informed USSR Labs that they could have directly emailed Pragma (since our email address is listed) or called us regarding this issue. They had presented the information as if we were ignoring their attempts to contact us, whereas in actuality we were not being contacted because of the ODBC error was preventing any contact from getting to Pragma. So I had suggested that they should have found an alternative method for contacting us. (NOTE: we have hence fixed the ODBC error that had be occuring on our Tech Support page and now have a direct MailTo link). (That's what's been going on over the past day -- just to update you to this point) Please let your readers know that this is a BUILD 4 issue (which was released June 1998) and we are now on BUILD 7. The problem can be fixed by updating the service pack/WinSock or by updating to BUILD 7. (FYI-- we emailed USSR Labs our latest build of the product and one of our IP addresses to help them. After giving them this, they are now excessively pinging this computer. They have emailed me asking me if I have found anything interesting on this computer. I found that to be slightly malicious). Please let me know if this information helps your readers. Regards, Edith H. Myers Director of Marketing & Operations Tel: 512-219-7270 Pragma Systems, Inc. Fax: 512-219-7110 http://www.pragmasys.com ^ ^ ^ ^ ^ ^ O O === _|_ ===