FreeBSD Information for VU#745371
Multiple vendor telnet daemons vulnerable to buffer overflow via crafted protocol options
All released versions of FreeBSD are vulnerable to this problem, which was fixed in FreeBSD 4.3-STABLE and FreeBSD 3.5.1-STABLE on July 23, 2001. An advisory has been released, along with a patch to correct the vulnerability and a binary upgrade package suitable for use on FreeBSD 4.3-RELEASE systems. For more information, see the advisory at the following location:
or use an FTP mirror site from the following URL:
The vendor has not provided us with any further information regarding this vulnerability.
FreeBSD has also released ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01%3A54.ports-telnetd.asc, a follow up advisory releated to third party implementations found in FreeBSD ports collection.
If you have feedback, comments, or additional information about this vulnerability, please send us email.