PT-2008-1806 · Pragma · Pragma Telnetserver

Luigi Auriemma

Published

2008-01-09

Updated

2017-08-08

CVE-2008-0153

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Pragma TelnetServer version 7.0.4.589

Description The issue allows remote attackers to cause a denial of service, resulting in a process crash and resource exhaustion. This is achieved by sending a crafted TELOPT PRAGMA LOGON telnet option, which triggers a NULL pointer dereference.

Recommendations For Pragma TelnetServer version 7.0.4.589, consider disabling the telnetd.exe service until a patch is available to prevent remote attackers from exploiting this issue. Restrict access to the telnet service to minimize the risk of exploitation. Avoid using the TELOPT PRAGMA LOGON telnet option in the affected service until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2008-0153

Affected Products

Pragma Telnetserver

PT-2008-1806 · Pragma · Pragma Telnetserver

CVE-2008-0153

Weakness Enumeration

Related Identifiers

Affected Products

References · 6