Vulnerabilities > CVE-2005-0469 - Remote Buffer Overflow vulnerability in Multiple Vendor Telnet Client LINEMODE Sub-Options

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
ncsa
nessus

Summary

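Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands. Because the overflow is in the client, the reply has to come from a malicious Telnet server that the victim connects to.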

Vulnerable Configurations

Part Description Count
Application
Ncsa
1

Nessus

  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2005-210-01.NASL
    descriptionNew tcpip packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues with the telnet client. Overflows in the telnet client may lead to the execution of arbitrary code as the telnet user if the user connects to a malicious telnet server.
    last seen2020-06-01
    modified2020-06-02
    plugin id19857
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19857
    titleSlackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : telnet client (SSA:2005-210-01)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2005-210-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    # Metadata-registration branch: when `description` is set, the script only
    # declares its plugin attributes and leaves through the exit(0) at the end
    # of this block, so none of the package checks further down are reached.
    if (description)
    {
      script_id(19857);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      # One plugin covers both telnet client CVEs; the SSA cross-reference names
      # the Slackware advisory the package checks were extracted from.
      script_cve_id("CVE-2005-0468", "CVE-2005-0469");
      script_xref(name:"SSA", value:"2005-210-01");
    
      script_name(english:"Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : telnet client (SSA:2005-210-01)");
      # The check is a package-database lookup, not a probe of a telnet service.
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      # Advisory text: the overflows are in the telnet client, and code execution
      # requires a user on the host to connect to a malicious telnet server.
      script_set_attribute(
        attribute:"description", 
        value:
    "New tcpip packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
    10.1, and -current to fix a security issues with the telnet client.
    Overflows in the telnet client may lead to the execution of arbitrary
    code as the telnet user if the user connects to a malicious telnet
    server."
      );
      # Advisory URL (presumably the target of the shortened see_also link below):
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.425797
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c46ea4eb"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected tcpip package.");
      # CVSS v2 base vector: network access, low complexity, no authentication,
      # partial confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # "local" plugin type; the KB keys required at the end of this block are
      # host-side data (release, package list), consistent with the summary above.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # CPEs: the tcpip package, the generic Slackware OS entry, and one entry
      # for each numbered release named in the title.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:tcpip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1");
    
      # Timeline as recorded here: vulnerability published 2005/03/28, Slackware
      # patch 2005/07/30, this plugin 2005/10/05.
      script_set_attribute(attribute:"patch_publication_date", value:"2005/07/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/28");
      script_end_attributes();
    
      # Category constant is named as information gathering; the visible code
      # only reads KB items and calls helpers from the included libraries.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      # ssh_get_info.nasl is declared as a dependency and three KB keys are
      # required; the main body re-checks the same three keys before it runs.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    # Preconditions. Each failed check hands a reason code to audit(), which is
    # defined in audit.inc (not shown); the flow assumes audit() ends the script,
    # since nothing else stops execution from continuing past a failed check.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Architecture gate: continue only when the cpu string contains "x86_64"
    # (>!< is the "substring not found" operator) or matches i386 through i686.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    # flag counts how many of the per-release checks below matched.
    # slackware_check() comes from slackware.inc (not shown); presumably it
    # returns true when the tcpip package installed on the named release is
    # older than the given version/build -- confirm against the library.
    # NOTE(review): every build listed is an i386/i486 package, while the
    # architecture test earlier in the script also admits x86_64 hosts; how
    # pkgarch is treated on such a host is not visible in this script.
    flag = 0;
    if (slackware_check(osver:"8.1", pkgname:"tcpip", pkgver:"0.17", pkgarch:"i386", pkgnum:"13b")) flag++;
    
    if (slackware_check(osver:"9.0", pkgname:"tcpip", pkgver:"0.17", pkgarch:"i386", pkgnum:"16b")) flag++;
    
    if (slackware_check(osver:"9.1", pkgname:"tcpip", pkgver:"0.17", pkgarch:"i486", pkgnum:"24b")) flag++;
    
    if (slackware_check(osver:"10.0", pkgname:"tcpip", pkgver:"0.17", pkgarch:"i486", pkgnum:"29b")) flag++;
    
    if (slackware_check(osver:"10.1", pkgname:"tcpip", pkgver:"0.17", pkgarch:"i486", pkgnum:"31b")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"tcpip", pkgver:"0.17", pkgarch:"i486", pkgnum:"33")) flag++;
    
    
    # Any match is reported against port 0 rather than a service port. With
    # report_verbosity > 0 the text from slackware_report_get() is attached as
    # extra detail. The verdict rests on the package data read from the KB;
    # nothing in this script examines the telnet client binary itself.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    # No check matched: record the host as not affected.
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_B62C80C2B81A11DABEC500123FFE8333.NASL
    descriptionA Project heimdal Security Advisory reports : The telnet client program in Heimdal has buffer overflows in the functions slc_add_reply() and env_opt_add(), which may lead to remote code execution. The telnetd server program in Heimdal has buffer overflows in the function getterminaltype, which may lead to remote code execution. The rshd server in Heimdal has a privilege escalation bug when storing forwarded credentials. The code allows a user to overwrite a file with its credential cache, and get ownership of the file.
    last seen2020-06-01
    modified2020-06-02
    plugin id21499
    published2006-05-13
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21499
    titleFreeBSD : heimdal -- Multiple vulnerabilities (b62c80c2-b81a-11da-bec5-00123ffe8333)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-773.NASL
    descriptionThis advisory adds security support for the stable amd64 distribution. It covers all security updates since the release of sarge, which were missing updated packages for the not yet official amd64 port. Future security advisories will include updates for this port as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id57528
    published2012-01-12
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57528
    titleDebian DSA-773-1 : amd64 - several vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-269.NASL
    descriptionUpdated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available. Kerberos is a networked authentication system which uses a trusted third-party (a KDC) to authenticate clients and servers to each other. The krb5-workstation package includes a Kerberos-aware telnet client. Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id18327
    published2005-05-19
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18327
    titleFedora Core 2 : krb5-1.3.6-4 (2005-269)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-274.NASL
    descriptionTwo buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id19642
    published2005-09-12
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19642
    titleFedora Core 3 : telnet-0.17-32.FC3.2 (2005-274)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-277.NASL
    descriptionTwo buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id18330
    published2005-05-19
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18330
    titleFedora Core 2 : telnet-0.17-28.FC2.1 (2005-277)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200504-04.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200504-04 (mit-krb5: Multiple buffer overflows in telnet client) A buffer overflow has been identified in the env_opt_add() function, where a response requiring excessive escaping can cause a heap-based buffer overflow. Another issue has been identified in the slc_add_reply() function, where a large number of SLC commands can overflow a fixed size buffer. Impact : Successful exploitation would require a vulnerable user to connect to an attacker-controlled telnet host, potentially executing arbitrary code with the permissions of the telnet user on the client. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id17978
    published2005-04-06
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17978
    titleGLSA-200504-04 : mit-krb5: Multiple buffer overflows in telnet client
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-270.NASL
    descriptionUpdated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available. Kerberos is a networked authentication system which uses a trusted third-party (a KDC) to authenticate clients and servers to each other. The krb5-workstation package includes a Kerberos-aware telnet client. Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id62255
    published2012-09-24
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62255
    titleFedora Core 3 : krb5-1.3.6-5 (2005-270)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200504-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200504-01 (telnet-bsd: Multiple buffer overflows) A buffer overflow has been identified in the env_opt_add() function of telnet-bsd, where a response requiring excessive escaping can cause a heap-based buffer overflow. Another issue has been identified in the slc_add_reply() function, where a large number of SLC commands can overflow a fixed size buffer. Impact : Successful exploitation would require a vulnerable user to connect to an attacker-controlled host using telnet, potentially executing arbitrary code with the permissions of the telnet user. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id17675
    published2005-04-02
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17675
    titleGLSA-200504-01 : telnet-bsd: Multiple buffer overflows
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-224-1.NASL
    descriptionGael Delalleau discovered a buffer overflow in the env_opt_add() function of the Kerberos 4 and 5 telnet clients. By sending specially crafted replies, a malicious telnet server could exploit this to execute arbitrary code with the privileges of the user running the telnet client. (CVE-2005-0468) Gael Delalleau discovered a buffer overflow in the handling of the LINEMODE suboptions in the telnet clients of Kerberos 4 and 5. By sending a specially constructed reply containing a large number of SLC (Set Local Character) commands, a remote attacker (i.e. a malicious telnet server) could execute arbitrary commands with the privileges of the user running the telnet client. (CVE-2005-0469) Daniel Wachdorf discovered two remote vulnerabilities in the Key Distribution Center of Kerberos 5 (krb5-kdc). By sending certain TCP connection requests, a remote attacker could trigger a double-freeing of memory, which led to memory corruption and a crash of the KDC server. (CVE-2005-1174). Under rare circumstances the same type of TCP connection requests could also trigger a buffer overflow that could be exploited to run arbitrary code with the privileges of the KDC server. (CVE-2005-1175) Magnus Hagander discovered that the krb5_recvauth() function attempted to free previously freed memory in some situations. A remote attacker could possibly exploit this to run arbitrary code with the privileges of the program that called this function. Most importantly, this affects the following daemons: kpropd (from the krb5-kdc package), klogind, and kshd (both from the krb5-rsh-server package). (CVE-2005-1689) Please note that these packages are not officially supported by Ubuntu (they are in the
    last seen2020-06-01
    modified2020-06-02
    plugin id20767
    published2006-01-21
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20767
    titleUbuntu 4.10 / 5.04 : krb4, krb5 vulnerabilities (USN-224-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-731.NASL
    descriptionSeveral problems have been discovered in telnet clients that could be exploited by malicious daemons the client connects to. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-0468 Gael Delalleau discovered a buffer overflow in the env_opt_add() function that allows a remote attacker to execute arbitrary code. - CAN-2005-0469 Gael Delalleau discovered a buffer overflow in the handling of the LINEMODE suboptions in telnet clients. This can lead to the execution of arbitrary code when connected to a malicious server.
    last seen2020-06-01
    modified2020-06-02
    plugin id18518
    published2005-06-17
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18518
    titleDebian DSA-731-1 : krb4 - buffer overflows
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-327.NASL
    descriptionUpdated telnet packages that fix two buffer overflow vulnerabilities are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The telnet package provides a command line telnet client. The telnet-server package includes a telnet daemon, telnetd, that supports remote login to the host machine. Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id17645
    published2005-03-29
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17645
    titleRHEL 2.1 / 3 / 4 : telnet (RHSA-2005:327)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-699.NASL
    descriptionGael Delalleau discovered a buffer overflow in the handling of the LINEMODE suboptions in telnet clients. This can lead to the execution of arbitrary code when connected to a malicious server.
    last seen2020-06-01
    modified2020-06-02
    plugin id17641
    published2005-03-29
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17641
    titleDebian DSA-699-1 : netkit-telnet-ssl - buffer overflow
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-330.NASL
    descriptionUpdated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Kerberos is a networked authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other. The krb5-workstation package includes a Kerberos-aware telnet client. Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id17659
    published2005-03-30
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17659
    titleRHEL 2.1 / 3 / 4 : krb5 (RHSA-2005:330)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-101-1.NASL
    descriptionA buffer overflow was discovered in the telnet client
    last seen2020-06-01
    modified2020-06-02
    plugin id20487
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20487
    titleUbuntu 4.10 : netkit-telnet vulnerabilities (USN-101-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200503-36.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200503-36 (netkit-telnetd: Buffer overflow) A buffer overflow has been identified in the slc_add_reply() function of netkit-telnetd client, where a large number of SLC commands can overflow a fixed size buffer. Impact : Successful exploitation would require a vulnerable user to connect to an attacker-controlled host using telnet, potentially executing arbitrary code with the permissions of the telnet user. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id17666
    published2005-04-01
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17666
    titleGLSA-200503-36 : netkit-telnetd: Buffer overflow
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-330.NASL
    descriptionUpdated krb5 packages which fix two buffer overflow vulnerabilities in the included Kerberos-aware telnet client are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Kerberos is a networked authentication system which uses a trusted third party (a KDC) to authenticate clients and servers to each other. The krb5-workstation package includes a Kerberos-aware telnet client. Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id21803
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21803
    titleCentOS 3 : krb5 (CESA-2005:330)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-061.NASL
    descriptionTwo buffer overflow issues were discovered in the way telnet clients handle messages from a server. Because of these issues, an attacker may be able to execute arbitrary code on the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id17658
    published2005-03-30
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17658
    titleMandrake Linux Security Advisory : krb5 (MDKSA-2005:061)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200504-28.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200504-28 (Heimdal: Buffer overflow vulnerabilities) Buffer overflow vulnerabilities in the slc_add_reply() and env_opt_add() functions have been discovered by Gael Delalleau in the telnet client in Heimdal. Impact : Successful exploitation would require a vulnerable user to connect to an attacker-controlled host using the telnet client, potentially executing arbitrary code with the permissions of the user running the application. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id18159
    published2005-04-29
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18159
    titleGLSA-200504-28 : Heimdal: Buffer overflow vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-703.NASL
    descriptionSeveral problems have been discovered in telnet clients that could be exploited by malicious daemons the client connects to. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-0468 Gael Delalleau discovered a buffer overflow in the env_opt_add() function that allows a remote attacker to execute arbitrary code. - CAN-2005-0469 Gael Delalleau discovered a buffer overflow in the handling of the LINEMODE suboptions in telnet clients. This can lead to the execution of arbitrary code when connected to a malicious server.
    last seen2020-06-01
    modified2020-06-02
    plugin id17674
    published2005-04-02
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17674
    titleDebian DSA-703-1 : krb5 - buffer overflows
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-765.NASL
    descriptionGael Delalleau discovered a buffer overflow in the handling of the LINEMODE suboptions in telnet clients. Heimdal, a free implementation of Kerberos 5, also contains such a client. This can lead to the execution of arbitrary code when connected to a malicious server.
    last seen2020-06-01
    modified2020-06-02
    plugin id19270
    published2005-07-22
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19270
    titleDebian DSA-765-1 : heimdal - buffer overflow
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-697.NASL
    descriptionGael Delalleau discovered a buffer overflow in the handling of the LINEMODE suboptions in telnet clients. This can lead to the execution of arbitrary code when connected to a malicious server.
    last seen2020-06-01
    modified2020-06-02
    plugin id17639
    published2005-03-29
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17639
    titleDebian DSA-697-1 : netkit-telnet - buffer overflow

Oval

accepted2013-04-29T04:21:29.965-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionBuffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.
familyunix
idoval:org.mitre.oval:def:9708
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleBuffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.
version27

Redhat

advisories
  • rhsa
    idRHSA-2005:327
  • rhsa
    idRHSA-2005:330
rpms
  • telnet-1:0.17-26.EL3.2
  • telnet-1:0.17-31.EL4.2
  • telnet-debuginfo-1:0.17-26.EL3.2
  • telnet-debuginfo-1:0.17-31.EL4.2
  • telnet-server-1:0.17-26.EL3.2
  • telnet-server-1:0.17-31.EL4.2
  • krb5-debuginfo-0:1.2.7-42
  • krb5-debuginfo-0:1.3.4-12
  • krb5-devel-0:1.2.7-42
  • krb5-devel-0:1.3.4-12
  • krb5-libs-0:1.2.7-42
  • krb5-libs-0:1.3.4-12
  • krb5-server-0:1.2.7-42
  • krb5-server-0:1.3.4-12
  • krb5-workstation-0:1.2.7-42
  • krb5-workstation-0:1.3.4-12

Statements

contributorMark J Cox
lastmodified2007-03-14
organizationRed Hat
statementRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.