Vulnerability Note VU#291924
Multiple Telnet clients fail to properly handle the "LINEMODE" SLC suboption
Multiple Telnet clients contain a data length validation flaw that may allow a server to induce arbitrary code execution on the client host.
The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facility. The Telnet protocol is commonly used for command line login sessions between Internet hosts.
Many Telnet client implementations may be vulnerable to a flaw that may allow arbitrary code to be executed on the connected client. The Telnet server may supply a specially crafted reply containing a large number of RFC1184 LINEMODE "Set Local Character" (SLC) suboption commands, which are not checked for proper length before being stored into a fixed-length buffer. Affected Telnet clients possibly include the BSD Telnet implementation and the MIT Kerberos distribution.
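The length check whose absence is described above, sketched as an added example (not code from this note or from any affected client): a fixed-size store for SLC triplets that rejects input that does not fit. The names `slc_buf`, `slc_store`, `slc_store_all` and the 128-byte size are assumptions; the sketch also accounts for the doubling of IAC bytes inside a suboption, which the note does not discuss.

```c
#include <stdint.h>
#include <stdio.h>
#define IAC 255          /* Telnet "Interpret As Command" byte (RFC 854) */
#define SLC_BUF_MAX 128  /* assumed fixed buffer size; all names here are hypothetical */
struct slc_buf { uint8_t buf[SLC_BUF_MAX]; size_t len; };

/* Append one byte, doubling IAC as Telnet requires inside a suboption. */
static int put_byte(struct slc_buf *r, uint8_t b)
{
    size_t need = (b == IAC) ? 2 : 1;
    if (need > sizeof r->buf - r->len)
        return -1;                       /* no room: refuse, never write */
    if (b == IAC)
        r->buf[r->len++] = IAC;
    r->buf[r->len++] = b;
    return 0;
}

/* Store one (function, flags, value) triplet, all or nothing. */
int slc_store(struct slc_buf *r, uint8_t func, uint8_t flags, uint8_t value)
{
    size_t saved = r->len;
    if (put_byte(r, func) || put_byte(r, flags) || put_byte(r, value)) {
        r->len = saved;                  /* roll back a partial triplet */
        return -1;
    }
    return 0;
}

/* Store all triplets of an un-escaped SLC body; count, or -1 if malformed or too long. */
int slc_store_all(struct slc_buf *r, const uint8_t *data, size_t n)
{
    int count = 0;
    if (n % 3 != 0)
        return -1;                       /* SLC data is whole triplets only */
    for (size_t i = 0; i < n; i += 3, count++)
        if (slc_store(r, data[i], data[i + 1], data[i + 2]) != 0)
            return -1;
    return count;
}

int main(void)
{
    struct slc_buf r = { {0}, 0 };
    uint8_t many[300] = {0};             /* constructed: 100 triplets */
    int rc = slc_store_all(&r, many, sizeof many);
    printf("rc=%d stored=%zu of %d bytes\n", rc, r.len, SLC_BUF_MAX);
    return 0;
}
```

A client that gets -1 back should drop the suboption (or the connection) rather than continue with a partially filled buffer.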
A remote server may be able to execute arbitrary code under the permissions of the user running the Telnet client on the local host.
Apply an update from your vendor
As a workaround, the client may explicitly disable LINEMODE before connecting in order to prevent LINEMODE command processing. In addition, as a best practice, clients should never connect to unknown servers.
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer, Inc. | Affected | 28 Mar 2005 | 01 Apr 2005 |
| Debian Linux | Affected | 28 Mar 2005 | 29 Mar 2005 |
| F5 Networks, Inc. | Affected | 28 Mar 2005 | 02 May 2005 |
| Mandriva, Inc. | Affected | 28 Mar 2005 | 01 Apr 2005 |
| MIT Kerberos Development Team | Affected | - | 29 Mar 2005 |
| Red Hat, Inc. | Affected | 28 Mar 2005 | 22 Dec 2005 |
| Sun Microsystems, Inc. | Affected | 28 Mar 2005 | 29 Mar 2005 |
| Microsoft Corporation | Not Affected | 28 Mar 2005 | 01 Apr 2005 |
| Cray Inc. | Unknown | 28 Mar 2005 | 29 Mar 2005 |
| EMC Corporation | Unknown | 28 Mar 2005 | 29 Mar 2005 |
| Engarde | Unknown | 28 Mar 2005 | 29 Mar 2005 |
| FreeBSD, Inc. | Unknown | 28 Mar 2005 | 29 Mar 2005 |
| Fujitsu | Unknown | 28 Mar 2005 | 29 Mar 2005 |
| Hitachi | Unknown | 28 Mar 2005 | 29 Mar 2005 |
| HP | Unknown | 28 Mar 2005 | 29 Mar 2005 |
Thanks to iDEFENSE Labs for reporting this vulnerability.
This document was written by Ken MacInnis.
- CVE IDs: CVE-2005-0469
- Date Public: 28 Mar 2005
- Date First Published: 29 Mar 2005
- Date Last Updated: 22 Dec 2005
- Severity Metric: 12.60
- Document Revision: 29