Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200410-03
HistoryOct 05, 2004 - 12:00 a.m.

NetKit-telnetd: buffer overflows in telnet and telnetd

2004-10-0500:00:00
Gentoo Foundation
security.gentoo.org
35

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

83.0%

JSON

Background

NetKit-telnetd is a standard Linux telnet client and server from the NetKit utilities.

Description

A possible buffer overflow exists in the parsing of option strings by the telnet daemon, where proper bounds checking is not applied when writing to a buffer. Additionaly, another possible buffer overflow has been found by Josh Martin in the handling of the environment variable HOME.

Impact

A remote attacker sending a specially-crafted options string to the telnet daemon could be able to run arbitrary code with the privileges of the user running the telnet daemon, usually root. Furthermore, an attacker could make use of an overlong HOME variable to cause a buffer overflow in the telnet client, potentially leading to the local execution of arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All NetKit-telnetd users should upgrade to the latest version:

 # emerge sync

 # emerge -pv ">=net-misc/netkit-telnetd-0.17-r4"
 # emerge ">=net-misc/netkit-telnetd-0.17-r4"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-misc/netkit-telnetd<= 0.17-r3UNKNOWN

Related

openvas 8
nessus 7
securityvulns 1
nvd 2
cve 2
cisco 2
cert 1
cvelist 2
ubuntucve 1
debiancve 1
openvas
openvas
Debian Security Advisory DSA 075-1 (netkit-telnet-ssl)
2008-01-17 00:00:00
Debian Security Advisory DSA 075-1 (netkit-telnet-ssl)
2008-01-17 00:00:00
Debian Security Advisory DSA 070-1 (netkit-telnet)
2008-01-17 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : krb5 (MDKSA-2001:093)
2004-07-31 00:00:00
GLSA-200410-03 : NetKit-telnetd: buffer overflows in telnet and telnetd
2004-10-06 00:00:00
Debian DSA-070-1 : netkit-telnet - remote exploit
2004-09-29 00:00:00
securityvulns
securityvulns
[Full-Disclosure] Debian netkit telnetd vulnerability
2004-09-19 00:00:00
nvd
nvd
CVE-2001-0554
2001-08-14 04:00:00
CVE-2004-0911
2004-11-03 05:00:00
cve
cve
CVE-2001-0554
2002-03-09 05:00:00
CVE-2004-0911
2004-11-03 05:00:00
cisco
cisco
Cisco CatOS Telnet Buffer Vulnerability
2002-01-29 15:00:00
Cisco VPN 3000 Concentrator Multiple Vulnerabilities
2002-09-03 15:00:00
cert
cert
Multiple vendor telnet daemons vulnerable to buffer overflow via crafted protocol options
2001-07-24 00:00:00
cvelist
cvelist
CVE-2001-0554
2002-03-09 05:00:00
CVE-2004-0911
2004-09-28 04:00:00
ubuntucve
ubuntucve
CVE-2004-0911
2004-11-03 00:00:00
debiancve
debiancve
CVE-2004-0911
2004-11-03 05:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

83.0%

JSON
Related for GLSA-200410-03
openvas8nessus7securityvulns1nvd2cve2cisco2cert1cvelist2ubuntucve1debiancve1