Vulnerability Note VU#666073

AbsoluteTelnet vulnerable to buffer overflow via overly long window title

Original Release date: 07 Feb 2003 | Last revised: 07 Feb 2003

Overview

A remotely exploitable buffer overflow vulnerability exists in AbsoluteTelnet. This vulnerability may allow a malicious server operator to execute arbitrary code on a vulnerable client.

Description

AbsoluteTelnet is a terminal client. A remotely exploitable buffer overflow vulnerability exists in the code that sets the terminal titlebar. This vulnerability may allow a malicious server operator to execute arbitrary code. An exploit for this vulnerability is publicly available.

Impact

A malicious server operator may be able to execute arbitrary code on a host running AbsoluteTelnet.

Solution

Upgrade to AbsoluteTelnet version 2.12 RC10. For information on how to obtain 2.12 RC10, please see http://www.celestialsoftware.net/telnet/beta_software.html.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Celestial SoftwareAffected-07 Feb 2003
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was discovered by Knud Erik Højgaard.

This document was written by Ian A Finlay.

Other Information

  • CVE IDs: Unknown
  • Date Public: 06 Feb 2003
  • Date First Published: 07 Feb 2003
  • Date Last Updated: 07 Feb 2003
  • Severity Metric: 22.20
  • Document Revision: 9

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.