Sun Microsystems Inc. Information for VU#341908
Multiple Telnet Clients vulnerable to buffer overflow via the env_opt_add() function in telnet.c
- Vendor Information Help Date Notified: 28 Mar 2005
- Statement Date:
- Date Updated: 14 Apr 2005
Sun is impacted by the telnet(1) vulnerabilities described in CERT Vulnerability Notes VU#291924 and VU#341908. Sun has published two Sun Alerts for these issues which describe the impact, contributing factors, workaround options, and resolution details.
Sun Alert 57755 which is available here:
is for the telnet client shipped with Solaris. The second Sun Alert, 57761, is for the Kerberized telnet shipped with the SEAM product and is available here:
The SEAM Sun Alert is currently unresolved but will be updated with patch details as soon as they are available.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.