Apple Computer Inc. Affected

Notified:  March 28, 2005 Updated: April 01, 2005

Status

Affected

Vendor Statement

This is fixed in Security Update 2005-003, and further information is available from http://docs.info.apple.com/article.html?artnum=301061

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Conectiva Affected

Notified:  March 28, 2005 Updated: June 06, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Conectiva has released Linux Security Announcement CLA-2005:962 about this issue.

Cray Inc. Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Debian Affected

Updated:  April 04, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have confirmed with the vendor that very early versions of Debian shipped a Telnet client vulnerable to this issue. However, more recent and the current builds of Debian are not affected. However note, the Debian krb5 implementation includes a telnet client as well which is vulnerable. This will be fixed with an update. Version 1.2.4-5woody8 has the corrections to both CAN-2005-0468 and CAN-2005-0469.

EMC Corporation Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Engarde Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

F5 Networks Affected

Notified:  March 28, 2005 Updated: May 03, 2005

Status

Affected

Vendor Statement

The telnet client vulnerabilities are considered local vulnerabilities on BIG-IP 4.x products and will be patched in releases 4.5.13 and 4.6.3. BIG-IP 9.x, FirePass and TrafficShield are not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Fedora Project Affected

Updated:  April 04, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Fedora update notification is available from https://www.redhat.com/archives/fedora-announce-list/2005-March/msg00088.html, the notification indicates that patches are available.

FreeBSD Affected

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

FreeBSD has released FreeBSD-SA-05:01.telnet to address this issue. Please see ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc.

Fujitsu Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Gentoo Linux Affected

Updated:  April 01, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Gentoo has released http://www.gentoo.org/security/en/glsa/glsa-200504-01.xml to address this issue.

Heimdal Affected

Updated:  April 21, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

An advisory has been released for the Heimdal implementation of Kerbos 5 which includes a vulnerable telnet client implementation. The advisory is available at http://www.pdc.kth.se/heimdal/advisory/2005-04-20/ and indicates the vulnerability is fixed in version 0.6.4 of the product.

Hewlett-Packard Company Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Hitachi Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

IBM Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

IBM eServer Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

IBM zSeries Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Immunix Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Ingrian Networks Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Juniper Networks Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

MandrakeSoft Affected

Notified:  March 28, 2005 Updated: April 07, 2005

Status

Affected

Vendor Statement

Mandrakesoft has released http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:061 to address this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Microsoft Corporation Not Affected

Notified:  March 28, 2005 Updated: April 01, 2005

Status

Not Affected

Vendor Statement

We have investigated these reports and have determined that there are no Microsoft platforms affected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

MIT Kerberos Development Team Affected

Updated:  March 30, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-001-telnet.txt.

MontaVista Software Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

NEC Corporation Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

NetBSD Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Nokia Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Novell Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

OpenBSD Affected

Notified:  March 28, 2005 Updated: April 07, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://www.openbsd.org/errata.html number 014.

Openwall GNU/*/Linux Affected

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://www.openwall.com/Owl/CHANGES-current.shtml.

Red Hat Inc. Affected

Notified:  March 28, 2005 Updated: July 28, 2005

Status

Affected

Vendor Statement

Vendor Statement: Red Hat, Inc Updates are available for Red Hat Enterprise Linux 2.1, 3 and 4 to correct this issue. New telnet and Kerberos packages along with our advisory are available at the URL below and by using the Red Hat Network 'up2date' tool. http://rhn.redhat.com/errata/CAN-2005-0468.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see http://rhn.redhat.com/errata/RHSA-2005-330.html.

SCO Linux Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

SCO Unix Affected

Notified:  March 28, 2005 Updated: April 14, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

SCO has released a security advisory and patches for UnixWare 7.1.4, 7.1.3 and 7.1.1 to address this issue. The advisory can found at: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21/SCOSA-2005.21.txt

Sequent Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

SGI Affected

Notified:  March 28, 2005 Updated: April 27, 2005

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

SGI has released Patch 10159 - SGI Advanced Linux Environment 3 Security Update #33, for more information see: ftp://patches.sgi.com/support/free/security/advisories/20050401-01-U.asc SGI has released Patch 5892 for IRIX, for more information see: ftp://patches.sgi.com/support/free/security/advisories/20050405-01-P.asc

Sony Corporation Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Sun Microsystems Inc. Affected

Notified:  March 28, 2005 Updated: April 14, 2005

Status

Affected

Vendor Statement

Sun is impacted by the telnet(1) vulnerabilities described in CERT Vulnerability Notes VU#291924 and VU#341908. Sun has published two Sun Alerts for these issues which describe the impact, contributing factors, workaround options, and resolution details. Sun Alert 57755 which is available here: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1 is for the telnet client shipped with Solaris. The second Sun Alert, 57761, is for the Kerberized telnet shipped with the SEAM product and is available here: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1 The SEAM Sun Alert is currently unresolved but will be updated with patch details as soon as they are available.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

SuSE Inc. Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

TurboLinux Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Unisys Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

WRS Unknown

Notified:  March 28, 2005 Updated: March 30, 2005

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

View all 41 vendors View less vendors