Multiple Telnet clients contain a data length validation flaw which may allow a server to induce arbitrary code execution on the client host.
The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facility. The Telnet protocol is commonly used for command line login sessions between Internet hosts.
Many Telnet client implementations may be vulnerable to a flaw which may allow arbitrary code to be executed on the connected client. The Telnet server may supply a specially crafted reply containing a large number of RFC1184 LINEMODE "Set Local Character" (SLC) suboption commands, which are not checked for proper length before being stored into a fixed-length buffer. Affected Telnet clients possibly include the BSD Telnet implementation and the MIT Kerberos distribution.
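The length check that the description says is missing, as an added example (not code from any affected client or vendor). The names `slc_buf`, `slc_append` and `slc_process` and the 128-byte buffer size are assumptions, as is the premise that the client queues each received SLC triplet into a fixed buffer for its reply, doubling any 0xFF byte.

```c
#include <stddef.h>
#include <stdint.h>

#define IAC          255  /* Telnet "Interpret As Command" byte (RFC 854) */
#define SLC_BUF_SIZE 128  /* assumed size of the fixed buffer (example value) */

struct slc_buf {          /* hypothetical holder for queued SLC triplets */
    uint8_t data[SLC_BUF_SIZE];
    size_t  len;
};

/* Store one (function, modifiers, value) triplet, doubling any 0xFF byte as
 * Telnet requires inside a suboption. Returns 0, or -1 if it does not fit.
 * The flawed pattern is this same copy loop without the capacity test. */
static int slc_append(struct slc_buf *b, uint8_t func, uint8_t mods, uint8_t val)
{
    const uint8_t t[3] = { func, mods, val };
    size_t need = 3;

    for (size_t i = 0; i < 3; i++)
        if (t[i] == IAC)
            need++;                       /* escaped bytes take two slots */
    if (need > sizeof b->data - b->len)   /* length check before any write */
        return -1;
    for (size_t i = 0; i < 3; i++) {
        b->data[b->len++] = t[i];
        if (t[i] == IAC)
            b->data[b->len++] = IAC;
    }
    return 0;
}

/* Handle the payload of one SLC suboption (already unescaped, n bytes).
 * Returns the number of triplets stored, or -1 if the payload is malformed
 * or does not fit in the buffer; on failure nothing is kept. */
int slc_process(struct slc_buf *b, const uint8_t *p, size_t n)
{
    b->len = 0;
    if (n % 3 != 0)
        return -1;
    for (size_t i = 0; i < n; i += 3) {
        if (slc_append(b, p[i], p[i + 1], p[i + 2]) != 0) {
            b->len = 0;
            return -1;
        }
    }
    return (int)(n / 3);
}
```

Because escaping can grow a triplet from three bytes to six, the check is made against the escaped size rather than the received length.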
A remote server may be able to execute arbitrary code under the permissions of the user running the Telnet client on the local host.
Apply an update from your vendor.
As a workaround, the client may explicitly disable LINEMODE before connecting in order to prevent LINEMODE command processing. In addition, as a best practice, clients should never connect to unknown servers.
Thanks to iDEFENSE Labs for reporting this vulnerability.
Date First Published: 2005-03-29
Date Last Updated: 2005-12-22 21:22 UTC