NetBSD Information for VU#745371
Multiple vendor telnet daemons vulnerable to buffer overflow via crafted protocol options
All releases of NetBSD are affected. The issue was patched in NetBSD-current on July 19th. A Security Advisory including patches will be available shortly, at:
NetBSD releases since July 2000 have shipped with telnetd disabled by default. If it has been re-enabled on a system, it is highly recommended to disable it at least until patches are installed. Furthermore, NetBSD recommends the use of a Secure Shell instead of telnet for most applications."
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.