LizardSystems Terminal Services Manager Buffer Overflow Denial-of-Service Vulnerability
Vulnerability
A local buffer overflow vulnerability has been identified in LizardSystems Terminal Services Manager version 3.2.1 (Build 247). An attacker can crash the application by entering an excessively long string, up to 5000 bytes, in the 'Computer name or IP address' field when adding a computer. The denial-of-service condition occurs when the resulting server entry is accessed.
Impact
Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash.
Reproduction
To reproduce this vulnerability, first run a Python script that creates a file containing a 5000-byte buffer of data. Then, open Terminal Services Manager and click 'Add computer'. Paste the contents of the file into the 'Computer name or IP address' field and click 'OK'. After the computer is added, select it in the 'List' tab, go to the 'Servers' tab, and double-click on the created computer entry. The application will crash, demonstrating the denial-of-service condition.
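The missing control is a length and character check on the 'Computer name or IP address' value before it reaches any fixed-size buffer. The sketch below is an added example, not the vendor's code: the function name, the 253/63-byte limits (DNS name and label lengths) and the accepted character set are assumptions, and IPv6 literals are deliberately not handled.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define HOST_MAX  253  /* assumed field limit: longest DNS name in text form */
#define LABEL_MAX 63   /* longest single DNS label */

/* Hypothetical helper (not the vendor's code): validate a computer name or
 * IPv4 address and copy it into a fixed-size buffer.
 * Returns 0 on success, -1 on rejection; dst is untouched on rejection. */
int set_computer_name(char *dst, size_t dst_size, const char *input)
{
    size_t i, label_len = 0;

    if (dst == NULL || input == NULL || dst_size == 0)
        return -1;

    /* Single bounded pass: stops at the first byte that breaks a rule, so an
     * oversized paste is rejected before anything is written to dst. */
    for (i = 0; input[i] != '\0'; i++) {
        unsigned char c = (unsigned char)input[i];

        if (i >= HOST_MAX || i + 1 >= dst_size)
            return -1;                      /* too long for field or buffer */
        if (c == '.') {
            if (label_len == 0)
                return -1;                  /* leading dot or ".." */
            label_len = 0;
        } else if (isalnum(c) || c == '-' || c == '_') {
            if (++label_len > LABEL_MAX)
                return -1;                  /* label too long */
        } else {
            return -1;                      /* spaces, control bytes, etc. */
        }
    }
    if (label_len == 0)
        return -1;                          /* empty input or trailing dot */

    memcpy(dst, input, i);                  /* i < dst_size is guaranteed here */
    dst[i] = '\0';
    return 0;
}
```

The same check belongs on every path that loads a stored entry, since the crash described here is triggered when the saved server entry is accessed, not when it is typed.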
