Vulnerability Note VU#341908
Multiple Telnet Clients vulnerable to buffer overflow via the env_opt_add() function in telnet.c
Multiple Telnet clients contain a data length validation flaw that may allow a malicious server to execute arbitrary code on the client host with the privileges of the user running the client.
The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facility. The Telnet protocol is commonly used for command-line login sessions between Internet hosts.
Many Telnet clients are vulnerable to a buffer overflow condition.
Exploitation of this vulnerability may permit a malicious server to execute arbitrary code with the privileges of the user that invoked the telnet client. An attacker would have to trick a victim into initiating a telnet connection using a vulnerable client. This may be accomplished with an HTML-rendered email or web page that uses the TELNET:// URI handler; however, further user interaction may be required.
Apply a patch or upgrade as specified by your vendor.
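Until patched clients are deployed, mail and web content can be screened for the telnet:// delivery path described above. The following is an added example, not part of the original note or of any vendor's tooling: it flags HTML elements whose URI resolves to the telnet scheme and marks those that load without a click. The names `scheme_of`, `TelnetUriFinder`, `find_telnet_uris` and the sample document are constructed for illustration.

```python
from html.parser import HTMLParser

# Attributes that can carry a URI a mail client or browser may pass to a protocol handler.
URI_ATTRS = {"href", "src", "action", "data", "background", "formaction"}
# Tags whose URI is fetched without a click, so less user interaction is needed.
AUTOLOAD_TAGS = {"iframe", "frame", "img", "embed", "object", "meta", "body"}
C0_AND_SPACE = "".join(chr(c) for c in range(0x21))

def scheme_of(uri):
    """Return the lower-cased scheme the way URL parsers see it, or '' if none."""
    # URL parsers drop tab/CR/LF anywhere and leading control characters or spaces.
    cleaned = "".join(ch for ch in uri if ch not in "\t\r\n").lstrip(C0_AND_SPACE)
    head, sep, _ = cleaned.partition(":")
    return head.lower() if sep else ""

class TelnetUriFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (tag, attribute, uri, loads_without_click)

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        candidates = [(k, v) for k, v in attrs.items() if k in URI_ATTRS]
        # <meta http-equiv="refresh" content="0; url=..."> redirects on its own.
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            _, _, target = attrs.get("content", "").partition(";")
            key, _, value = target.strip().partition("=")
            if key.strip().lower() == "url":
                candidates.append(("content", value.strip(" '\"")))
        for name, uri in candidates:
            if scheme_of(uri) == "telnet":
                self.findings.append((tag, name, uri, tag in AUTOLOAD_TAGS))

def find_telnet_uris(html_text):
    finder = TelnetUriFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings

# Constructed sample input (host names are placeholders).
SAMPLE = """<html><body>
<a href="https://example.com/">ordinary link</a>
<a href="TELNET://host.example:23/">mixed-case scheme</a>
<iframe src=" telnet://host.example/"></iframe>
<meta http-equiv="refresh" content="0; URL=telnet://host.example">
<a href="/docs/telnet://not-a-scheme">relative path, not a telnet URI</a>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, uri, auto in find_telnet_uris(SAMPLE):
        print(f"<{tag} {attr}> -> {uri!r} loads_without_click={auto}")
```

Findings with `loads_without_click` set are the ones to quarantine or strip first, since they reach the handler without the user following a link.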
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer Inc. | Affected | 28 Mar 2005 | 01 Apr 2005 |
| Conectiva | Affected | 28 Mar 2005 | 06 Jun 2005 |
| Debian | Affected | - | 04 Apr 2005 |
| F5 Networks | Affected | 28 Mar 2005 | 03 May 2005 |
| Fedora Project | Affected | - | 04 Apr 2005 |
| FreeBSD | Affected | 28 Mar 2005 | 30 Mar 2005 |
| Gentoo Linux | Affected | - | 01 Apr 2005 |
| Heimdal | Affected | - | 21 Apr 2005 |
| MandrakeSoft | Affected | 28 Mar 2005 | 07 Apr 2005 |
| MIT Kerberos Development Team | Affected | - | 30 Mar 2005 |
| OpenBSD | Affected | 28 Mar 2005 | 07 Apr 2005 |
| Openwall GNU/*/Linux | Affected | 28 Mar 2005 | 30 Mar 2005 |
| Red Hat Inc. | Affected | 28 Mar 2005 | 28 Jul 2005 |
| SCO Unix | Affected | 28 Mar 2005 | 14 Apr 2005 |
| SGI | Affected | 28 Mar 2005 | 27 Apr 2005 |
Thanks to iDEFENSE Labs for reporting this vulnerability.
This document was written by Robert Mead and Jason Rafail, and is based on information in iDefense's advisory.
- CVE IDs: CAN-2005-0468
- Date Public: 28 Mar 2005
- Date First Published: 01 Apr 2005
- Date Last Updated: 28 Jul 2005
- Severity Metric: 29.95
- Document Revision: 28