Sun Microsystems Inc. Information for VU#341908

Multiple Telnet Clients vulnerable to buffer overflow via the env_opt_add() function in telnet.c

Status

Affected

Vendor Statement

Sun is impacted by the telnet(1) vulnerabilities described in CERT Vulnerability Notes VU#291924 and VU#341908. Sun has published two Sun Alerts for these issues which describe the impact, contributing factors, workaround options, and resolution details.

Sun Alert 57755 which is available here:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1

is for the telnet client shipped with Solaris. The second Sun Alert, 57761, is for the Kerberized telnet shipped with the SEAM product and is available here:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1

The SEAM Sun Alert is currently unresolved but will be updated with patch details as soon as they are available.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.