Microsoft plugs seven Telnet security holes in Windows 2000
 
|
|||
 | |||
|
If the Telnet service included with Microsoft's Windows 2000 operating system has looked suspiciously like Swiss cheese recently, that might be because it has seven security holes that need patching. Microsoft has acknowledged the holes and issued a patch late last week.
Telnet is a protocol used for remote access to systems, e-mail access at some colleges and universities and other administrative tasks.
The holes in Windows 2000's Telnet implementation can lead to three distinct groups of vulnerabilities: denial of service, privilege elevation and information disclosure, the company said. All were fixed by the patch issued June 7.
Microsoft has acknowledged that four of the vulnerabilities could lead to denial-of-service attacks. Though all four bugs are unrelated, they all lead to the same result: denial of access to legitimate users. The flaws can be exploited to keep Telnet from terminating idle connections and exhaust its ability to open new connections by repeatedly opening and closing connections. The security hole could also force Telnet into an access violation and terminate connections by users who have only normal privileges, Microsoft said.
Though the flaws could be used to deny Telnet service to legitimate users, they could not crash the server or lead to further access into the system. At worst, the flaws might necessitate restarting the Telnet service, Microsoft said. The first three bugs could be exploited from the Internet, whereas the final one would require the attacker be able to run code on the server.
Besides denial-of-service attacks, two of the vulnerabilities involve privilege elevation, in which an attacker could gain complete control of affected systems. This could be achieved because Telnet uses predictable names for its connections, or pipes, which would allow an attacker to create a connection with the same name and run it. However, both of the privilege elevation flaws are dependent on the attacker being able to execute code on the target system, which ought to limit the range of users who could exploit the flaw, Microsoft said.
Lastly, one vulnerability could make it easier for an attacker to gain access to certain accounts on the server. The flaw, which could let an attacker enter unauthorized areas on misconfigured servers or networks, is limited in its scope because an attacker would need to already know the password for the targeted account, or the server would need to be placed in a certain domain, Microsoft said.
The denial-of-service flaws were discovered by Richard Reiner of SecureXpert Labs, Peter Grundl and Bindview Development's Razor Team. The privilege elevation flaws and one denial-of-service flaw were discovered by Guardent.
The IDG News Service is a Network World affiliate.
Related Links
