Multiple Telnet clients contain a data length validation flaw which may allow a server to induce arbitrary code execution on the client host.
The Telnet network protocol is described in RFC 854 and RFC 855 as a general, bi-directional communications facility. The Telnet protocol is commonly used for command line login sessions between Internet hosts.
Many Telnet client implementations may be vulnerable to a flaw that could allow arbitrary code to be executed on the connected client. The Telnet server may supply a specially crafted reply containing a large number of RFC 1184 LINEMODE "Set Local Character" (SLC) suboption commands, which are not checked for proper length before being stored in a fixed-length buffer. Affected Telnet clients possibly include the BSD Telnet implementation and the MIT Kerberos distribution.
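The length check described as missing above, shown as an added example; it is not code from this advisory or from any affected Telnet client. The names slc_buf, slc_store, slc_process and slc_demo and the 128-byte buffer size are assumptions, and the buffer is assumed to hold triplets in IAC-escaped form, so one triplet can need up to six bytes.

```c
#include <stddef.h>

#define IAC 255          /* Telnet "interpret as command" byte (RFC 854) */
#define SLC_BUF_MAX 128  /* assumed buffer size, chosen for this example */

struct slc_buf { unsigned char data[SLC_BUF_MAX]; size_t len; };

/* Append one byte, doubling IAC; the caller has already reserved room. */
static void put_escaped(struct slc_buf *b, unsigned char c)
{
    b->data[b->len++] = c;
    if (c == IAC) b->data[b->len++] = IAC;
}

/* Store one SLC triplet (function, modifiers, value). Without the length
 * test this is the unchecked pattern: three appends into a fixed buffer.
 * Worst case is 6 bytes, since each byte may be IAC and get doubled. */
int slc_store(struct slc_buf *b, unsigned char func,
              unsigned char flags, unsigned char value)
{
    if (b->len + 6 > sizeof b->data)
        return -1;                 /* would overrun the fixed buffer */
    put_escaped(b, func);
    put_escaped(b, flags);
    put_escaped(b, value);
    return 0;
}

/* Walk a server-supplied SLC suboption body (already un-escaped). Returns
 * triplets stored, or -1 if not whole triplets or the buffer is too small. */
int slc_process(struct slc_buf *b, const unsigned char *sub, size_t n)
{
    int stored = 0;
    if (n % 3 != 0) return -1;
    for (size_t i = 0; i < n; i += 3, stored++)
        if (slc_store(b, sub[i], sub[i + 1], sub[i + 2]) != 0)
            return -1;             /* reject instead of writing past data */
    return stored;
}

/* Constructed sample input: `count` triplets whose bytes are all `fill`. */
int slc_demo(size_t count, unsigned char fill)
{
    unsigned char sub[3 * 64];
    struct slc_buf b = { {0}, 0 };
    if (count > 64) return -2;     /* beyond this demo's sample array */
    for (size_t i = 0; i < 3 * count; i++) sub[i] = fill;
    return slc_process(&b, sub, 3 * count);
}
```

With these assumed sizes, a run of ordinary triplets is rejected at the 42nd, while triplets made entirely of IAC bytes are rejected at the 22nd, because the check reserves space for the escaped form rather than the raw three bytes.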
A remote server may be able to execute arbitrary code with the permissions of the user running the Telnet client on the local host.
Apply an update from your vendor.
As a workaround, the client may explicitly disable LINEMODE mode before connecting in order to prevent LINEMODE command processing. In addition, as a best practice, clients should never connect to unknown servers.
Apple Computer, Inc. Affected
Debian Linux Affected
F5 Networks, Inc. Affected
Mandriva, Inc. Affected
MIT Kerberos Development Team Affected
Red Hat, Inc. Affected
Sun Microsystems, Inc. Affected
Microsoft Corporation Not Affected
Cray Inc. Unknown
EMC Corporation Unknown
FreeBSD, Inc. Unknown
IBM Corporation Unknown
IBM eServer Unknown
IBM zSeries Unknown
Ingrian Networks, Inc. Unknown
Juniper Networks, Inc. Unknown
Mandriva, Inc. Unknown
MontaVista Software, Inc. Unknown
NEC Corporation Unknown
Novell, Inc. Unknown
Openwall GNU/*/Linux Unknown
SUSE Linux Unknown
Sequent Computer Systems, Inc. Unknown
Sony Corporation Unknown
The SCO Group (SCO Linux) Unknown
The SCO Group (SCO Unix) Unknown
Wind River Systems, Inc. Unknown
Thanks to iDEFENSE Labs for reporting this vulnerability.
This document was written by Ken MacInnis.
Date First Published: 2005-03-29
Date Last Updated: 2005-12-22 21:22 UTC