securityvulns: SECURITYVULNS:DOC:18799
Jan 04, 2008 - 12:00 a.m.

Exception message in VanDyke VShell 3.0.3.569

vulners.com

#######################################################################

                         Luigi Auriemma

Application: Seattle Lab Telnet Server
http://www.seattlelab.com/products/slnetrf/default.asp
Versions: <= 4.1.1.3758
Platforms: Windows
Bug: exception error message
Exploitation: remote
Date: 02 Jan 2008
Author: Luigi Auriemma
e-mail: [email protected]
web: aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction

SLNet is a commercial telnet server.

#######################################################################

======
2) Bug

The SLNet server shows a message box if an exception occurs.
Other than this message on the screen there are no other side effects,
the server will continue to work normally and the remote users will
see no problems.

ONLY if the admin clicks on the message box will the server terminate;
the termination is automatic if the server is running in debug
mode.

In this case the exception happens during the handling of the telnet
options causing a NULL pointer access.

Important note:
naturally this bug can't be defined as a real security risk due to the
previous explanation; I have decided to keep track of this problem only
for thoroughness and because it remains a small problem for the
administrators who see the error message.

#######################################################################

===========
3) The Code

http://aluigi.org/poc/slnetmsg.zip

#######################################################################

======
4) Fix

As already said, this bug can't be considered a real security risk.

#######################################################################