Note: The red stoplight on this page indicates the highest possible severity level for this category of vulnerabilities. To determine the severity level in this instance, refer to the colored dot beside the link to this tutorial on the previous page.
When a telnet session is initiated, the server creates a named pipe, which allows bi-directional communication between two processes. When the named pipe is created, any code associated with the pipe is executed.
2/13/02
CVE 2002-0020
A buffer overflow condition in the processing of Telnet
protocol options could allow a remote attacker to crash
the service or execute arbitrary commands.

6/18/01
CAN 2001-0349
CAN 2001-0350
The name of the pipe created by a telnet session is predictable.
Therefore, an attacker with the ability to load and run code on
the server could associate arbitrary code with the predicted
named pipe. The next time a telnet session is established, the
server would execute the code when the named pipe is created,
thus executing the attacker's commands with Local System privileges.

6/18/01
CVE 2001-0345
CVE 2001-0346
CVE 2001-0348
CVE 2001-0351
Four unrelated denial-of-service vulnerabilities in Microsoft
telnet server could allow a remote attacker to crash the
telnet service, prevent legitimate users from accessing the
telnet service, or terminate other users' telnet sessions.

6/18/01
CVE 2001-0347
By preceding a login name with a specially crafted string
of characters, an attacker could cause the telnet server
to search all trusted domains for that login name. This
vulnerability doesn't allow unauthorized access directly,
but does make it easier for an attacker to find any
enabled Guest accounts which may be present anywhere within the
server's trusted domains.
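
The 2/13/02 entry above concerns an overflow in the processing of Telnet protocol options. As an added illustration (not code from this page or from Microsoft, and not a description of the actual flaw), here is a bounds-checked C decoder for one Telnet subnegotiation block; the function name, return codes and sample bytes are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

enum { IAC = 255, SB = 250, SE = 240 };          /* Telnet command bytes (RFC 854) */
enum { SUBNEG_OK = 0, SUBNEG_MALFORMED = -1, SUBNEG_TOO_LONG = -2 };

/* Hypothetical helper: decode one "IAC SB <option> <data> IAC SE" block.
 * Payload goes to out[0..out_cap); the function never writes past out_cap. */
int parse_subneg(const unsigned char *in, size_t in_len, unsigned char *opt,
                 unsigned char *out, size_t out_cap, size_t *out_len)
{
    size_t i = 3, n = 0;

    if (in_len < 5 || in[0] != IAC || in[1] != SB)
        return SUBNEG_MALFORMED;
    *opt = in[2];
    while (i < in_len) {
        unsigned char c = in[i++];
        if (c == IAC) {
            if (i >= in_len)
                return SUBNEG_MALFORMED;     /* input ends right after IAC */
            c = in[i++];
            if (c == SE) {                   /* IAC SE closes the block */
                *out_len = n;
                return SUBNEG_OK;
            }
            if (c != IAC)
                return SUBNEG_MALFORMED;     /* only IAC IAC (literal 255) is allowed */
        }
        if (n >= out_cap)
            return SUBNEG_TOO_LONG;          /* reject rather than overflow out[] */
        out[n++] = c;
    }
    return SUBNEG_MALFORMED;                 /* no terminating IAC SE */
}

int main(void)
{
    /* Constructed sample: TERMINAL-TYPE (24) IS (0) "VT" */
    const unsigned char msg[] = { IAC, SB, 24, 0, 'V', 'T', IAC, SE };
    unsigned char opt = 0, small[2], big[16];
    size_t len = 0;

    printf("16-byte buffer: %d\n", parse_subneg(msg, sizeof msg, &opt, big, sizeof big, &len));
    printf("2-byte buffer:  %d\n", parse_subneg(msg, sizeof msg, &opt, small, sizeof small, &len));
    return 0;
}
```

The length check runs before every write, so an oversized or unterminated option block is rejected with an error code instead of being copied past the end of the destination buffer.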