10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.833 High
EPSS
Percentile
98.5%
Severity: High
Date : 2021-06-09
CVE-ID : CVE-2019-0053 CVE-2020-10188
Package : inetutils
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-1003
The package inetutils before version 2.0-1 is vulnerable to arbitrary
code execution.
Upgrade to 2.0-1.
The problems have been fixed upstream in version 2.0.
None.
inetutils before version 1.9.4.90 contains a stack overflow
vulnerability in the client-side environment variable handling which
can be exploited to escape restricted shells on embedded devices. A
stack-based overflow is present in the handling of environment
variables when connecting telnet.c to remote telnet servers through
oversized DISPLAY arguments.
A vulnerability was found in inetutils before version 1.9.4.91 where
incorrect bounds checks in the telnet server's (telnetd) handling of
short writes and urgent data could lead to information disclosure and
corruption of heap data. An unauthenticated remote attacker could
exploit these bugs by sending specially crafted telnet packets to
achieve arbitrary code execution in the telnet server.
Requesting environment variables with crafted contents could lead to
arbitrary code execution in a telnet client. Additionally an
unauthenticated remote attacker could execute arbitrary code on a
telnet server via crafted packets.
https://bugs.archlinux.org/task/70040
https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/inetutils-telnet.txt
https://git.savannah.gnu.org/gitweb/?p=inetutils.git;a=commitdiff;h=1480573a908254662074865406ac6fbde4694e5d
https://git.savannah.gnu.org/gitweb/?p=inetutils.git;a=commitdiff;h=07fdb4201a3a5e6df92c0929c65671ce4ba8af5a
https://bugzilla.redhat.com/show_bug.cgi?id=1811673
https://git.savannah.gnu.org/gitweb/?p=inetutils.git;a=commitdiff;h=cd7e7e685daeafb68f19347747af6340731a4518
https://security.archlinux.org/CVE-2019-0053
https://security.archlinux.org/CVE-2020-10188