search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Microsoft Windows 2000 Telnet Service allows unprivileged local users to terminate sessions via unprotected system calls

Vulnerability Note VU#648131

Original Release Date: 2001-09-18 | Last Revised: 2001-09-18

Overview

The Microsoft Windows 2000 Telnet Service contains a denial-of-service vulnerability that allows unprivileged local users to terminate existing telnet sessions.

Description

The Microsoft Windows 2000 Telnet Service contains a vulnerability that allows unprivileged local users to execute system calls that can terminate existing telnet sessions. Remote attackers who wish to exploit this vulnerability must first gain sufficient access to upload a program to the server and execute it.

Impact

This vulnerability allows an unprivileged local user to terminate existing telnet sessions, resulting in a denial-of-service condition.

Solution

Apply a patch from your vendor

Microsoft has released a patch for this vulnerability; for further information, please consult the systems affected section below.

Vendor Information

648131
 
Expand all

Microsoft Affected

Updated:  September 14, 2001

Status

Affected

Vendor Statement

Microsoft has addressed this vulnerability in the following Microsoft Security Bulletin

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has archived Microsoft's announcement of MS01-031 at


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This document was written by Jeffrey P. Lanza and is based on information provided by Microsoft.

Other Information

CVE IDs: CVE-2001-0351
Severity Metric: 1.77
Date Public: 2001-06-07
Date First Published: 2001-09-18
Date Last Updated: 2001-09-18 23:27 UTC
Document Revision: 11

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis