Cylance Discovers Multiple Critical Vulnerabilities in TeleGrafix RIPterm v2.3

TeleGrafix Not Expected to Release a Fix Any Time Soon

IRVINE, CA – Cylance®, a leading provider of digital-to-analog security, today announced the discovery of multiple critical security vulnerabilities in RIPterm, the predominant graphical terminal software utilized by thousands of Bulletin Board System users worldwide.

"TeleGrafix RIPterm v2.3 contains stack buffer overflow vulnerabilities in its implementations of the level 1 'w' and 'I' RIPScrip commands," wrote Derek Soeder, Principal Researcher at Cylance, in an advisory disclosing the flaws. "Malicious content on a host could exploit one of these vulnerabilities to execute arbitrary code on the client."

Cylance first became aware of the vulnerabilities during a forensic investigation of Advanced Persistent Threat attacks on major BBSes running Barren Realms Elite, a war simulation program. The unnamed attackers appear to have sent spear phishing private messages to users of the BBSes, enticing them to connect to a 'waterhole' BBS. Upon connecting, the victims' computers were breached by a zero-day RIPterm exploit.

Over the course of a few minutes, the compromised systems would download malware from the rogue BBS and add a reference into the AUTOEXEC.BAT file for persistence. Common security suites such as Norton AntiVirus and VirusScan failed to detect the threat at any stage.

"Unfortunately, RIPterm does not deploy mitigations such as Address Space Layout Randomization and Data Execution Prevention," said Soeder. He noted that TeleGrafix, the maker of RIPterm, is not expected to release a fix and recommended that users and developers migrate to newer World Wide Web technology such as Vector Markup Language.

He added, "the BBS days are over."

About Cylance, Inc.

Cylance is the only company to offer a preventive cybersecurity solution that stops advanced threats and malware at the most vulnerable point: the endpoint. Applying a revolutionary artificial intelligence approach, the Cylance endpoint security solution, CylancePROTECT®, analyzes the DNA of code prior to its execution on the endpoint to find and prevent threats others can’t, while using a fraction of the system resources associated with endpoint antivirus and detect and respond solutions that are deployed in enterprises today. For more information visit: www.cylance.com

For More Information:

Cylance press releases and news
Cylance events and Unbelievable Tour dates

Social Networks:

Website: www.cylance.com
Blog: Cylance Blog
Twitter: www.twitter.com/cylanceinc
LinkedIn: http://www.linkedin.com/company/cylanceinc
YouTube: www.youtube.com/cylanceinc