Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Services for Unix 2.0 Telnet Client File Overwrite

Services for Unix 2.0 Telnet Client File Overwrite

by phiber on March 14th, 2001 A vulnerability has been discovered in the interaction between Internet Explorer and the Telnet client installed with Services for Unix 2.0, that allows arbitrary files to be overwritten, or created, containing attacker specified data. This vulnerability occurs as a result of Internet Explorer executing the "telnet" command and passing command line parameters, specified in the URL, to the telnet program.




The Windows 2000 Telnet client contains a client side logging
option, which is used to log all telnet session data to a file
specified by this option. By specifying the "-f" flag to the
telnet command, accompanied by a filename, all session text is
logged to this file.


Vulnerable Packages/Systems:



All versions of Internet Explorer with Services for Unix 2.0
installed are presumed to be vulnerable to this problem.



Solution/Vendor Information/Workaround:



Microsoft has released an update which solves this problem. The
update, and more information can be obtained at the following
locations:



http://www.microsoft.com/technet/security/bulletin/MS01-015.asp

http://www.microsoft.com/windows/ie/download/critical/q286043/default.asp



Updates are available for Internet Explorer 5.01 Service Pack 1

and Internet Explorer 5.5 Service Pack 1.


This vulnerability was discovered by Oliver Friedrichs ([email protected]).



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »