Overview
Multiple Telnet clients contain a data length validation flaw which may allow a server to induce arbitrary code execution on the client host.
Description
The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facility. The Telnet protocol is commonly used for command line login sessions between Internet hosts. Many Telnet client implementations may be vulnerable to a flaw which may allow arbitrary code to be executed on the connected client. The Telnet server may supply a specially crafted reply containing a larger number of RFC1184 LINEMODE "Set Local Character" (SLC) suboption commands, which are not checked for proper length before being stored into a fixed length buffer. Affected Telnet clients possibly include the BSD Telnet implementation and the MIT Kerberos distribution. |
Impact
A remote server may be able to execute arbitrary code under the permissions of the user running the Telnet client on the local host. |
Solution
Apply an update from your vendor |
As a workaround, the client may explicitly disable the LINEMODE mode before connecting in order to prevent LINEMODE command processing. In addition, as a best practice clients should never connect to unknown servers. |
Vendor Information
Apple Computer, Inc. Affected
Notified: March 28, 2005 Updated: April 01, 2005
Status
Affected
Vendor Statement
This is fixed in Security Update 2005-003, and further information is available from http://docs.info.apple.com/article.html?artnum=301061.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Debian Linux Affected
Notified: March 28, 2005 Updated: March 29, 2005
Status
Affected
Vendor Statement
Debian is vulnerable for this problem. In our stable distribution the following
versions will correct the problem:
netkit-telnet stable 0.17-18woody3
netkit-telnet-ssl stable 0.17.17+0.1-2woody4
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
F5 Networks, Inc. Affected
Notified: March 28, 2005 Updated: May 02, 2005
Status
Affected
Vendor Statement
The telnet client vulnerabilities are considered local vulnerabilities on BIG-IP 4.x products and will be patched in releases 4.5.13 and 4.6.3. BIG-IP 9.x, FirePass and TrafficShield are not vulnerable.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Mandriva, Inc. Affected
Notified: March 28, 2005 Updated: April 01, 2005
Status
Affected
Vendor Statement
Mandrakesoft has issued the advisory MDKSA-2005:061 to fix the vulnerabilities in our kerberos telnet client packages.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
MiT Kerberos Development Team Affected
Updated: March 29, 2005
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
MIT Kerberos has issued MIT krb5 Security Advisory 2005-001 in response to this vulnerability.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Red Hat, Inc. Affected
Notified: March 28, 2005 Updated: December 22, 2005
Status
Affected
Vendor Statement
Updates are available for Red Hat Enterprise Linux 2.1, 3, and 4 to
correct this issue. New telnet and Kerberos packages along with our
advisory are available at the URL below and by using the Red Hat Network
'up2date' tool.
http://rhn.redhat.com/errata/CAN-2005-0469.html
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Sun Microsystems, Inc. Affected
Notified: March 28, 2005 Updated: March 29, 2005
Status
Affected
Vendor Statement
Sun confirms that the telnet(1) vulnerabilities do affect all
currently supported versions of Solaris:
Solaris 7, 8, 9 and 10
Sun has released a Sun Alert which describes a workaround until patches
are available at:
http://sunsolve.sun.com
Sun Alert #57755
The Sun Alert will be updated with the patch information once it becomes
available. Sun patches are available from:
http://sunsolve.sun.com/securitypatch
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Microsoft Corporation Not Affected
Notified: March 28, 2005 Updated: April 01, 2005
Status
Not Affected
Vendor Statement
We have investigated these reports and have determined that there are no Microsoft platforms affected.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Cray Inc. Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
EMC Corporation Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Engarde Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
FreeBSD, Inc. Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Fujitsu Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
HP Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Hitachi Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
IBM Corporation Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
IBM eServer Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
IBM zSeries Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Immunix Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Ingrian Networks, Inc. Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Juniper Networks, Inc. Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Mandriva, Inc. Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
MontaVista Software, Inc. Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NEC Corporation Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NetBSD Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Nokia Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Novell, Inc. Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
OpenBSD Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Openwall GNU/*/Linux Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SGI Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SUSE Linux Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sequent Computer Systems, Inc. Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sony Corporation Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
The SCO Group (SCO Linux) Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
The SCO Group (SCO Unix) Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
TurboLinux Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Unisys Unknown
Notified: March 28, 2005 Updated: March 29, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Wind River Systems, Inc. Unknown
Notified: March 28, 2005 Updated: August 08, 2005
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
- https://rhn.redhat.com/errata/RHSA-2005-327.html
- http://secunia.com/advisories/14745/
- http://web.mit.edu/kerberos/www/...s/MITKRB5-SA-2005-001-telnet.txt
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1
- http://www.auscert.org.au/5134
Acknowledgements
Thanks to iDEFENSE Labs for reporting this vulnerability.
This document was written by Ken MacInnis.
Other Information
| CVE IDs: | CVE-2005-0469 |
| Severity Metric: | 12.60 |
| Date Public: | 2005-03-28 |
| Date First Published: | 2005-03-29 |
| Date Last Updated: | 2005-12-22 21:22 UTC |
| Document Revision: | 29 |