#######################################################################

                             Luigi Auriemma

Application:  Seattle Lab Telnet Server
              http://www.seattlelab.com/products/slnetrf/default.asp
Versions:     <= 4.1.1.3758
Platforms:    Windows
              (note that the effect may not be reproducible on Windows
              Server, since it depends on how errors are handled)
Bug:          exception error message
Exploitation: remote
Date:         02 Jan 2008
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

SLNet is a commercial telnet server.

#######################################################################

======
2) Bug
======

The SLNet server shows a message box if an exception occurs.
Other than this message on the screen there are no other side effects:
the server continues to work normally and remote users see no
problems.
The server terminates ONLY if the admin clicks on the message box, or
automatically if the server is running in debug mode.

In this case the exception happens during the handling of the telnet
options, which causes a NULL pointer access.

Important note: naturally this bug can't be considered a real security
risk because of the previous explanation. I have decided to keep track
of this problem only for thoroughness and because it remains a small
problem for administrators, who see the error message.

#######################################################################

===========
3) The Code
===========

http://aluigi.org/poc/slnetmsg.zip

#######################################################################

======
4) Fix
======

As already said, this bug can't be considered a real security risk.

#######################################################################