Vulnerability Note VU#666073
AbsoluteTelnet vulnerable to buffer overflow via overly long window title
A remotely exploitable buffer overflow vulnerability exists in AbsoluteTelnet. This vulnerability may allow a malicious server operator to execute arbitrary code on a vulnerable client.
AbsoluteTelnet is a terminal client. A remotely exploitable buffer overflow vulnerability exists in the code that sets the terminal titlebar. This vulnerability may allow a malicious server operator to execute arbitrary code. An exploit for this vulnerability is publicly available.
A malicious server operator may be able to execute arbitrary code on a host running AbsoluteTelnet.
Upgrade to AbsoluteTelnet version 2.12 RC10. For information on how to obtain 2.12 RC10, please see http://www.celestialsoftware.net/telnet/beta_software.html.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Celestial Software||Affected||-||07 Feb 2003|
CVSS Metrics (Learn More)
This vulnerability was discovered by Knud Erik Højgaard.
This document was written by Ian A Finlay.
- CVE IDs: Unknown
- Date Public: 06 Feb 2003
- Date First Published: 07 Feb 2003
- Date Last Updated: 07 Feb 2003
- Severity Metric: 22.20
- Document Revision: 9
If you have feedback, comments, or additional information about this vulnerability, please send us email.