SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information

Report a Vulnerability

 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#666073

AbsoluteTelnet vulnerable to buffer overflow via overly long window title

Overview

A remotely exploitable buffer overflow vulnerability exists in AbsoluteTelnet. This vulnerability may allow a malicious server operator to execute arbitrary code on a vulnerable client.

I. Description

AbsoluteTelnet is a terminal client. A remotely exploitable buffer overflow vulnerability exists in the code that sets the terminal titlebar. This vulnerability may allow a malicious server operator to execute arbitrary code. An exploit for this vulnerability is publicly available.

II. Impact

A malicious server operator may be able to execute arbitrary code on a host running AbsoluteTelnet.

III. Solution

Upgrade to AbsoluteTelnet version 2.12 RC10. For information on how to obtain 2.12 RC10, please see http://www.celestialsoftware.net/telnet/beta_software.html.

Systems Affected
VendorStatusDate NotifiedDate Updated
Celestial SoftwareVulnerable7-Feb-2003

References

http://www.celestialsoftware.net/telnet/index.html
http://kokanins.homepage.dk/absolutetelnet.txt

Credit

This vulnerability was discovered by Knud Erik Højgaard.

This document was written by Ian A Finlay.

Other Information

Date Public:2003-02-06
Date First Published:2003-02-07
Date Last Updated:2003-02-07
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Severity Metric:22.20
Document Revision:9

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2003 Carnegie Mellon University
Disclaimers and copyright information
Get a PDF Reader