Notified: March 28, 2005 Updated: April 01, 2005
Affected
This is fixed in Security Update 2005-003, and further information is available from http://docs.info.apple.com/article.html?artnum=301061
The vendor has not provided us with any further information regarding this vulnerability.
Notified: March 28, 2005 Updated: June 06, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Conectiva has released Linux Security Announcement CLA-2005:962 about this issue.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Updated: April 04, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
We have confirmed with the vendor that very early versions of Debian shipped a Telnet client vulnerable to this issue. However, more recent and the current builds of Debian are not affected. However note, the Debian krb5 implementation includes a telnet client as well which is vulnerable. This will be fixed with an update. Version 1.2.4-5woody8 has the corrections to both CAN-2005-0468 and CAN-2005-0469.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: May 03, 2005
Affected
The telnet client vulnerabilities are considered local vulnerabilities on BIG-IP 4.x products and will be patched in releases 4.5.13 and 4.6.3. BIG-IP 9.x, FirePass and TrafficShield are not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Updated: April 04, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Fedora update notification is available from https://www.redhat.com/archives/fedora-announce-list/2005-March/msg00088.html, the notification indicates that patches are available.
Notified: March 28, 2005 Updated: March 30, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
FreeBSD has released FreeBSD-SA-05:01.telnet to address this issue. Please see ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Updated: April 01, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Gentoo has released http://www.gentoo.org/security/en/glsa/glsa-200504-01.xml to address this issue.
Updated: April 21, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
An advisory has been released for the Heimdal implementation of Kerbos 5 which includes a vulnerable telnet client implementation. The advisory is available at http://www.pdc.kth.se/heimdal/advisory/2005-04-20/ and indicates the vulnerability is fixed in version 0.6.4 of the product.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: April 07, 2005
Affected
Mandrakesoft has released http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:061 to address this issue.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: April 01, 2005
Not Affected
We have investigated these reports and have determined that there are no Microsoft platforms affected.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Updated: March 30, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
See http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-001-telnet.txt.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: April 07, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see http://www.openbsd.org/errata.html number 014.
Notified: March 28, 2005 Updated: March 30, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see http://www.openwall.com/Owl/CHANGES-current.shtml.
Notified: March 28, 2005 Updated: July 28, 2005
Affected
Vendor Statement: Red Hat, Inc Updates are available for Red Hat Enterprise Linux 2.1, 3 and 4 to correct this issue. New telnet and Kerberos packages along with our advisory are available at the URL below and by using the Red Hat Network 'up2date' tool. http://rhn.redhat.com/errata/CAN-2005-0468.html
The vendor has not provided us with any further information regarding this vulnerability.
Please see http://rhn.redhat.com/errata/RHSA-2005-330.html.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: April 14, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
SCO has released a security advisory and patches for UnixWare 7.1.4, 7.1.3 and 7.1.1 to address this issue. The advisory can found at: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21/SCOSA-2005.21.txt
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: April 27, 2005
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
SGI has released Patch 10159 - SGI Advanced Linux Environment 3 Security Update #33, for more information see: ftp://patches.sgi.com/support/free/security/advisories/20050401-01-U.asc SGI has released Patch 5892 for IRIX, for more information see: ftp://patches.sgi.com/support/free/security/advisories/20050405-01-P.asc
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: April 14, 2005
Affected
Sun is impacted by the telnet(1) vulnerabilities described in CERT Vulnerability Notes VU#291924 and VU#341908. Sun has published two Sun Alerts for these issues which describe the impact, contributing factors, workaround options, and resolution details. Sun Alert 57755 which is available here: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1 is for the telnet client shipped with Solaris. The second Sun Alert, 57761, is for the Kerberized telnet shipped with the SEAM product and is available here: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1 The SEAM Sun Alert is currently unresolved but will be updated with patch details as soon as they are available.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 28, 2005 Updated: March 30, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.