8 matches found
CVE-2000-0581
Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash...
CVE-2001-0346
Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them...
CVE-2001-0348
Microsoft Windows 2000 telnet service allows attackers to cause a denial of service crash via a long logon command that contains a backspace...
CVE-2000-0834
The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the "Windows 2000 Telnet Client NTLM Authentication" vulnerability...
Windows 2000 Telnet Service DoS
Below is the original message sent to Microsoft, and since apparently 'Disclosure Procedures' are once again in focus... 11/08/2000 - Issue is reported to Microsoft's Security Response Team [email protected] 11/10/2000 - Microsoft confirmed receipt 11/21/2000 - Microsoft responded that they...
Security Bulletin (MS00-067)
Microsoft Security Bulletin MS00-067 - --------------------------------------- Patch Available for "Windows 2000 Telnet Client NTLM Authentication" Vulnerability Originally posted: September 14, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in the...
Win2k Telnet.exe malicious server vulnerability
/ NTLM telnetD v0.8 Snarfs NTLM challenge/response by convincing w2k telnet client to auto-authenticate. Outputs auth-data in LophtCrack sniff format on stdout. compile: gcc -o w2kteld ntlmtelnetd.c run: ./w2kteld Then wait for w2k to telnet to you. for the impatient, there are always ways of...
Win2k Telnet.exe malicious server vulnerability
Microsoft was informed of this problem with exploit over a month ago. I received some token responses right after emailing them, but have heard nothing since. If they have released an advisory of their own yet, I have not seen it. I informed them up-front that I would release a full-disclosure...