Title: Kroum Grigorov KpyM Telnet Server Remote Denial Of Service Vulnerability
Severity: MODERATE
Description:
Kroum Grigorov KpyM (KTS) is a telnet server that runs on Microsoft Windows platforms.
KpyM Telnet Server has been reported to be prone to a remote denial of service vulnerability. When a connection is negotiated by the Telnet Server (telnetd.exe), a thread is spawned that launches an executable "term.exe". This executable handles the login and terminal interface routines. Due to a lack of resource limitations, a remote attacker may negotiate multiple connections to the affected server. This will cause multiple instances of the "term.exe" executable to be spawned and ultimately, over time, an access violation will be triggered in the parent "telnetd.exe" executable. This violation will cause the Telnet Server to become unresponsive to requests until the service is restarted.
A remote attacker may exploit this vulnerability to deny service to legitimate users.
KpyM versions 1.05 and prior have been reported to be prone to this issue.
Affected Products:
- Kroum Grigorov KpyM Telnet Server 1.0.0
- Kroum Grigorov KpyM Telnet Server 1.0.01
- Kroum Grigorov KpyM Telnet Server 1.0.02
- Kroum Grigorov KpyM Telnet Server 1.0.03
- Kroum Grigorov KpyM Telnet Server 1.0.04
- Kroum Grigorov KpyM Telnet Server 1.0.05
References:
- Kroum Grigorov: KpyM Telnet Server Homepage
- NoRpiUs: Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
