
Microsoft plugs Telnet holes in Windows 2000


By Sam Costello

(IDG) -- If the Telnet service included with Microsoft's Windows 2000 has looked suspiciously like Swiss cheese recently, that might be because it has seven security holes that need patching. Microsoft acknowledged the holes and issued a patch late last week.

Telnet is a protocol used for remote access to systems, e-mail access at some colleges and universities, and other administrative tasks.


The holes in Windows 2000's Telnet implementation can lead to three distinct groups of vulnerabilities: DoS (Denial of Service), privilege elevation, and information disclosure, the company said. All were fixed by the patch that was issued June 7.

The majority of the vulnerabilities -- four to be exact -- could lead to DoS attacks, Microsoft said. Although the four bugs are unrelated, they all lead to the same result: denial of access to legitimate users. The flaws can be exploited to deny service because Telnet can be kept from terminating idle connections, can be made to exhaust its capability of opening new connections by repeatedly opening and closing connections, can be forced into an access violation, and can be made to terminate connections by a user with only normal privileges, Microsoft said.

Although the flaws could be used to deny Telnet service to legitimate users, they would not crash the server or lead to further access into the system. At worst, the flaws might necessitate restarting the Telnet service, Microsoft said. The first three bugs could be exploited from the Internet, whereas the final one would require the attacker to be able to run code on the server.

Besides DoS attacks, two of the vulnerabilities involve privilege elevation, in which an attacker could gain complete control of affected systems. This could be achieved because Telnet uses predictable names for its connections, or pipes, which would allow an attacker to create a connection with the same name and run it. Both of the privilege-elevation flaws depend on the attacker being able to execute code on the target system, which should limit the range of users who could exploit them, Microsoft said.

Lastly, one vulnerability could make it easier for an attacker to gain access to certain accounts on the server. The flaw, which could let an attacker enter unauthorized areas on misconfigured servers or networks, is limited in its scope because an attacker would need to already know the password for the targeted account or the server would need to be placed in a certain domain, Redmond, Wash.-based Microsoft said.

The DoS flaws were discovered by Richard Reiner of SecureXpert Labs, Peter Grundl, and Bindview Development's Razor Team. The privilege elevation flaws and one DoS flaw were discovered by Guardent.

