Multiple Telnet clients contain a data length validation flaw that may allow a malicious server to execute arbitrary code on the client host with the privileges of the client.
The Telnet network protocol is described in RFC 854 and RFC 855 as a general, bi-directional communications facility. The Telnet protocol is commonly used for command-line login sessions between Internet hosts.
Many Telnet clients are vulnerable to a buffer overflow condition.
Exploitation of this vulnerability may permit a malicious server to execute arbitrary code with the privileges of the user that invoked the telnet client. An attacker would have to trick a victim into initiating a telnet connection using a vulnerable client. This may be accomplished with an HTML-rendered email or web page using the TELNET:// URI handler; however, further user interaction may be required.
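Until clients are patched, a mail or web gateway can flag HTML that carries the TELNET:// URI vector described above. The following Python check is an added example, not part of the original advisory; the function names and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# URL parsers in browsers drop ASCII tab/CR/LF anywhere in a URL and trim
# leading control characters and spaces before reading the scheme, so the
# check normalizes the same way before comparing.
_TAB_NEWLINE = re.compile(r"[\t\r\n]")
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.I)
_LEADING = "".join(map(chr, range(0x21)))  # U+0000..U+0020


def url_scheme(value):
    """Return the lower-cased URI scheme of an attribute value, or None."""
    cleaned = _TAB_NEWLINE.sub("", value).lstrip(_LEADING)
    m = _SCHEME.match(cleaned)
    return m.group(1).lower() if m else None


class TelnetLinkFinder(HTMLParser):
    """Collects every attribute, on any tag, whose value is a telnet: URI."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already decoded character references in values.
        for name, value in attrs:
            if value and url_scheme(value) == "telnet":
                self.hits.append((self.getpos()[0], tag, name, value))


def find_telnet_links(html):
    """Return a list of (line, tag, attribute, value) for telnet: URIs."""
    finder = TelnetLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.hits


# Constructed sample message body (hosts are placeholders).
SAMPLE = """<html><body>
<a href="https://example.com/">ok</a>
<a href="TELNET://host.example:23/">support console</a>
<a href="&#116;elnet://host.example/">encoded</a>
<a href=" tel&#10;net://host.example/">split</a>
<a href="/docs/telnet:notes">relative path</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, value in find_telnet_links(SAMPLE):
        print(f"line {line}: <{tag} {attr}={value!r}>")
```

A hit is a reason to quarantine or strip the link for hosts that still run an unpatched client; it does not replace the vendor fix.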
Apply a patch or upgrade as specified by your vendor.
Apple Computer Inc. Affected
F5 Networks Affected
Fedora Project Affected
Gentoo Linux Affected
MIT Kerberos Development Team Affected
Openwall GNU/*/Linux Affected
Red Hat Inc. Affected
SCO Unix Affected
Sun Microsystems Inc. Affected
Microsoft Corporation Not Affected
Cray Inc. Unknown
EMC Corporation Unknown
Hewlett-Packard Company Unknown
IBM eServer Unknown
IBM zSeries Unknown
Ingrian Networks Unknown
Juniper Networks Unknown
MontaVista Software Unknown
NEC Corporation Unknown
SCO Linux Unknown
Sony Corporation Unknown
SuSE Inc. Unknown
Thanks to iDEFENSE Labs for reporting this vulnerability.
This document was written by Robert Mead and Jason Rafail, and is based on information in iDefense's advisory.
Date First Published: 2005-04-01
Date Last Updated: 2005-07-28 21:01 UTC