NetBSD Information for VU#745371

Multiple vendor telnet daemons vulnerable to buffer overflow via crafted protocol options

Status

Affected

Vendor Statement

All releases of NetBSD are affected. The issue was patched in NetBSD-current on July 19th. A Security Advisory including patches will be available shortly, at:

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc

NetBSD releases since July 2000 have shipped with telnetd disabled by default. If it has been re-enabled on a system, it is highly recommended to disable it at least until patches are installed. Furthermore, NetBSD recommends the use of a Secure Shell instead of telnet for most applications."

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.