CVE-2005-0768
Published 2005-05-02
Priority: P356, critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 59.53% (99.0th percentile)
Buffer overflow in the administration web server for GoodTech Telnet Server 4.0 and 5.0, and possibly all versions before 5.0.7, allows remote attackers to execute arbitrary code via a long string to port 2380.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| goodtech_systems | goodtech_telnet_server | — | — |
| goodtech_systems | goodtech_telnet_server | — | — |
Detection & IOCs (extracted from sources)
- bytes: \xDE\xC0\xAD\xDE
- bytes: \x81\xc4\xff\xef\xff\xff\x44
- Detect exploitation attempts by monitoring for abnormally long HTTP GET requests (>10000 bytes) sent to TCP port 2380, which is the GoodTech Telnet Server administration web interface.
- The Metasploit exploit uses a 10020-byte random English string with the SEH overwrite placed at offset 10012; alert on HTTP requests to port 2380 exceeding ~10000 bytes.
- The PoC exploit sends 10032 or more bytes starting with 'GET /' to port 2380; network signatures should match GET requests of this length on that port.
- The Metasploit module targets Windows 2000 Pro English All with RET address 0x75022ac4 and Windows XP Pro SP0/SP1 English with RET address 0x71aa32ad; these return addresses in network traffic to port 2380 are strong indicators of exploitation.
- Bad characters for payload encoding include null bytes and common HTTP special characters; their absence in a large request body to port 2380 may indicate a crafted exploit payload.
- The vulnerability affects GoodTech Telnet Server versions 4.0, 5.0, and all versions prior to 5.0.7; version 5.0.7 and later are not affected.
- The overflow occurs in the administration web server component (port 2380), not the Telnet service port itself; ensure detection rules target port 2380 specifically.
- The Metasploit module uses EXITFUNC=thread, meaning the exploited process may continue running after shellcode execution, potentially masking post-exploitation activity.
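The checks in the list above can be combined into one payload inspector. This is an added example, not code from the page's sources or from any vendor; the record format `(src_ip, dst_port, payload)`, the function names, the sample addresses and the little-endian packing of the return addresses are assumptions made for illustration.

```python
"""Added detection sketch for CVE-2005-0768 (not from the page's sources)."""
import struct

ADMIN_PORT = 2380            # GoodTech administration web server (from the page)
MAX_REQUEST_BYTES = 10000    # alert threshold suggested on the page

# Byte patterns listed on the page. The return addresses are packed
# little-endian on the assumption that they travel as x86 stack values.
BYTE_IOCS = {
    "ioc_bytes_1": b"\xDE\xC0\xAD\xDE",
    "ioc_bytes_2": b"\x81\xc4\xff\xef\xff\xff\x44",
    "ret_win2000_pro": struct.pack("<I", 0x75022AC4),
    "ret_winxp_sp0_sp1": struct.pack("<I", 0x71AA32AD),
}


def inspect_request(dst_port, payload):
    """Return the reasons a client payload looks like an overflow attempt."""
    if dst_port != ADMIN_PORT:
        return []  # the flaw is in the admin web server, not the Telnet port
    reasons = []
    if payload.startswith(b"GET /") and len(payload) > MAX_REQUEST_BYTES:
        reasons.append("oversized_get:%d" % len(payload))
    for name, pattern in BYTE_IOCS.items():
        if pattern in payload:
            reasons.append("byte_ioc:" + name)
    return reasons


def scan(records):
    """records: iterable of (src_ip, dst_port, payload). Returns alert tuples."""
    return [(src, reasons) for src, port, payload in records
            if (reasons := inspect_request(port, payload))]


# Constructed sample traffic (not captured from a real host).
SAMPLE = [
    ("192.0.2.10", 2380, b"GET /index.html HTTP/1.0\r\n\r\n"),
    ("192.0.2.66", 2380, b"GET /" + b"A" * 10032 + b"\r\n\r\n"),
    ("192.0.2.66", 23, b"GET /" + b"A" * 10032 + b"\r\n\r\n"),
    ("192.0.2.77", 2380, b"GET /x" + b"\xDE\xC0\xAD\xDE" + b" HTTP/1.0\r\n\r\n"),
]

if __name__ == "__main__":
    for src, reasons in scan(SAMPLE):
        print(src, reasons)
```

The length check needs the reassembled client stream, since a request of this size spans several TCP segments.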
No detection rules found.
Exploit-DB
GoodTech Telnet Server 5.0.6 - Remote Buffer Overflow (Metasploit)
exploitdb·2010-05-09
---
##
# $Id: goodtech_telnet.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'GoodTech Telnet Server %q{
This module exploits a stack buffer overflow in GoodTech Systems Telnet Server
versions prior to 5.0.7. By sending an overly long string, an attacker can
overwrite the buffer and control program execution.
},
'License' => MSF_LICENSE,
'Author' => 'MC',
'Version' => '$Revision: 9262 $',
'References' =>
[
[ 'CVE', '2005-0768' ],
[ 'OSVDB
Exploit-DB
GoodTech Telnet Server < 5.0.7 - Buffer Overflow Crash
exploitdb·2005-03-15
#include <winsock2.h>
#include <stdio.h>
int main(int argc, char **argv)
{
SOCKET sock;
struct sockaddr_in sock_addr;
WSADATA data;
WORD p;
p=MAKEWORD(2,0);
WSAStartup(p,&data);
int i, n, err;
unsigned char *mex;
char risp[4096];
printf("------------------------------------------------------------------------------\r\n");
printf("\tGoodTech Telnet Server Buffer Overflow Crash POC\r\n");
printf("\t\t\tcreated by Komrade\r\n\r\n");
printf("\t\te-mail: unsecure(at)altervista(dot)org\r\n");
printf("\t\tweb: http://unsecure.altervista.org\r\n");
printf("------------------------------------------------------------------------------\r\n\r\n");
if (argc < 2){
printf("Usage: gtscrash.exe \"IP address\"\r\n\r\n");
printf("Options:\r\n");
printf("IP address\tThe IP address of the computer runni
Metasploit
GoodTech Telnet Server Buffer Overflow
metasploit
This module exploits a stack buffer overflow in GoodTech Systems Telnet Server versions prior to 5.0.7. By sending an overly long string, an attacker can overwrite the buffer and control program execution.
No writeups or analysis indexed.
Published: 2005-05-02