CVE-2005-0469
CVSS 7.5
Published: 2005-05-02 00:00:00
Modified: 2010-08-21 00:26:11

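[Original] Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.


[CNNVD] Multiple Telnet clients slc_add_reply() buffer overflow vulnerability (CNNVD-200505-613)

        The TELNET protocol allows connecting to virtual network terminals over the Internet.
        Multiple TELNET client implementations contain a buffer overflow when processing telnet sub-negotiation options. If a user connects to a malicious telnet server with a vulnerable client, malicious instructions may be executed on the client machine.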
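
The missing size check behind this entry, shown as an added C example that is not code from any of the affected clients: a LINEMODE SLC reply builder that reserves worst-case space before queuing each triplet. The 128-byte buffer size, the struct and all function names are assumptions made for illustration, and the payload is assumed to be already IAC-unescaped.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Telnet protocol constants (RFC 854, RFC 1184). */
enum { IAC = 255, SB = 250, SE = 240, TELOPT_LINEMODE = 34, LM_SLC = 3 };

#define SLC_REPLY_MAX     128 /* assumed size of the fixed reply buffer */
#define SLC_TRAILER_LEN   2   /* IAC SE closes the suboption */
#define SLC_TRIPLET_WORST 6   /* func, flags, value, each doubled if == IAC */

/* Hypothetical reply state: the fixed buffer plus explicit bookkeeping. */
struct slc_reply {
    unsigned char buf[SLC_REPLY_MAX];
    size_t len;     /* bytes used so far */
    size_t dropped; /* triplets refused because the buffer was full */
};

static void slc_reply_start(struct slc_reply *r)
{
    memset(r, 0, sizeof *r);
    r->buf[r->len++] = IAC;
    r->buf[r->len++] = SB;
    r->buf[r->len++] = TELOPT_LINEMODE;
    r->buf[r->len++] = LM_SLC;
}

/* Telnet requires a literal 0xFF inside a suboption to be sent twice. */
static void put_escaped(struct slc_reply *r, unsigned char c)
{
    r->buf[r->len++] = c;
    if (c == IAC)
        r->buf[r->len++] = IAC;
}

/*
 * Queue one SLC triplet. The check below is the step the advisories describe
 * as absent: without it, every triplet the server sends advances the write
 * position past the end of the fixed buffer. Space for the worst case
 * (all three octets doubled) and for the trailer is reserved up front.
 */
static int slc_reply_add(struct slc_reply *r, unsigned char func,
                         unsigned char flags, unsigned char value)
{
    if (r->len + SLC_TRIPLET_WORST + SLC_TRAILER_LEN > sizeof r->buf) {
        r->dropped++;
        return -1;
    }
    put_escaped(r, func);
    put_escaped(r, flags);
    put_escaped(r, value);
    return 0;
}

static size_t slc_reply_end(struct slc_reply *r)
{
    r->buf[r->len++] = IAC; /* always fits: the trailer was reserved */
    r->buf[r->len++] = SE;
    return r->len;
}

/* Answer every complete triplet in a server-supplied SLC payload. */
size_t slc_answer(struct slc_reply *r, const unsigned char *payload, size_t n)
{
    slc_reply_start(r);
    for (size_t i = 0; i + 3 <= n; i += 3)
        slc_reply_add(r, payload[i], payload[i + 1], payload[i + 2]);
    return slc_reply_end(r);
}

/* Constructed input: `triplets` triplets whose octets all equal `fill`. */
static void demo_run(struct slc_reply *r, unsigned char fill, size_t triplets)
{
    unsigned char payload[3 * 256];
    if (triplets > 256)
        triplets = 256;
    memset(payload, fill, 3 * triplets);
    slc_answer(r, payload, 3 * triplets);
}

size_t demo_reply_len(unsigned char fill, size_t triplets)
{
    struct slc_reply r;
    demo_run(&r, fill, triplets);
    return r.len;
}

size_t demo_dropped(unsigned char fill, size_t triplets)
{
    struct slc_reply r;
    demo_run(&r, fill, triplets);
    return r.dropped;
}

int main(void)
{
    /* 200 triplets is far more than a 128-byte reply can hold. */
    printf("0xFF fill: len=%zu dropped=%zu\n",
           demo_reply_len(0xFF, 200), demo_dropped(0xFF, 200));
    printf("0x01 fill: len=%zu dropped=%zu\n",
           demo_reply_len(0x01, 200), demo_dropped(0x01, 200));
    return 0;
}
```

A non-zero `dropped` count is also a useful signal to log, since a well-behaved server has no reason to send more SLC triplets than fit in one reply.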

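- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

oval:org.mitre.oval:def:9708
Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attacker...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.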

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0469
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0469
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-613
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/291924
(VENDOR_ADVISORY)  CERT-VN  VU#291924
http://www.redhat.com/support/errata/RHSA-2005-330.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:330
http://www.redhat.com/support/errata/RHSA-2005-327.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:327
http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
(VENDOR_ADVISORY)  IDEFENSE  20050328 Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability
http://www.gentoo.org/security/en/glsa/glsa-200503-36.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200503-36
http://www.debian.org/security/2005/dsa-703
(VENDOR_ADVISORY)  DEBIAN  DSA-703
http://www.debian.org/security/2005/dsa-699
(VENDOR_ADVISORY)  DEBIAN  DSA-699
http://www.debian.org/security/2005/dsa-697
(VENDOR_ADVISORY)  DEBIAN  DSA-697
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-001-telnet.txt
(VENDOR_ADVISORY)  CONFIRM  http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-001-telnet.txt
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1
(VENDOR_ADVISORY)  SUNALERT  57755
ftp://patches.sgi.com/support/free/security/advisories/20050405-01-P
(PATCH)  SGI  20050405-01-P
http://www.ubuntulinux.org/usn/usn-224-1
(UNKNOWN)  UBUNTU  USN-224-1
http://www.securityfocus.com/bid/12918
(UNKNOWN)  BID  12918
http://www.debian.de/security/2005/dsa-731
(UNKNOWN)  DEBIAN  DSA-731
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1
(UNKNOWN)  SUNALERT  57761
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101671-1
(UNKNOWN)  SUNALERT  101671
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101665-1
(UNKNOWN)  SUNALERT  101665
http://secunia.com/advisories/17899
(UNKNOWN)  SECUNIA  17899
http://secunia.com/advisories/14745
(UNKNOWN)  SECUNIA  14745
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc
(VENDOR_ADVISORY)  FREEBSD  FreeBSD-SA-05:01.telnet
http://www.mandriva.com/security/advisories?name=MDKSA-2005:061
(UNKNOWN)  MANDRAKE  MDKSA-2005:061

- Vulnerability information

Multiple Telnet clients slc_add_reply() buffer overflow vulnerability
High risk; buffer overflow
2005-05-02 00:00:00 2006-09-22 00:00:00
Remote

- Advisories and patches

        Vendors have released upgrade patches that fix this security issue. Patch download links:
        Sun Solaris 7.0
        Sun 119519-01
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-119519-01-1
        Heimdal Heimdal 0.6
        Heimdal heimdal-0.6.4.tar.gz
        ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.4.tar.gz
        Heimdal Heimdal 0.6.1
        Heimdal heimdal-0.6.4.tar.gz
        ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.4.tar.gz
        MIT Kerberos 5 1.3.3
        Fedora krb5-debuginfo-1.3.6-4.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora krb5-debuginfo-1.3.6-4.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora krb5-devel-1.3.6-4.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora krb5-devel-1.3.6-4.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora krb5-libs-1.3.6-4.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora krb5-libs-1.3.6-4.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora krb5-server-1.3.6-4.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora krb5-server-1.3.6-4.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora krb5-workstation-1.3.6-4.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora krb5-workstation-1.3.6-4.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        MIT Kerberos 5 1.3.6
        Ubuntu krb5-admin-server_1.3.6-1ubuntu0.1_amd64.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.6-1ubuntu0.1_amd64.deb
        Ubuntu krb5-admin-server_1.3.6-1ubuntu0.1_powerpc.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.3.6-1ubuntu0.1_powerpc.deb
        Ubuntu krb5-clients_1.3.6-1ubuntu0.1_amd64.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.6-1ubuntu0.1_amd64.deb
        Ubuntu krb5-clients_1.3.6-1ubuntu0.1_i386.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.6-1ubuntu0.1_i386.deb
        Ubuntu krb5-clients_1.3.6-1ubuntu0.1_powerpc.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.3.6-1ubuntu0.1_powerpc.deb
        Ubuntu krb5-ftpd_1.3.6-1ubuntu0.1_amd64.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.6-1ubuntu0.1_amd64.deb
        Ubuntu krb5-ftpd_1.3.6-1ubuntu0.1_i386.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.6-1ubuntu0.1_i386.deb
        Ubuntu krb5-ftpd_1.3.6-1ubuntu0.1_powerpc.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.3.6-1ubuntu0.1_powerpc.deb
        Ubuntu krb5-kdc_1.3.6-1ubuntu0.1_amd64.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.6-1ubuntu0.1_amd64.deb
        Ubuntu krb5-kdc_1.3.6-1ubuntu0.1_i386.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.6-1ubuntu0.1_i386.deb
        Ubuntu krb5-kdc_1.3.6-1ubuntu0.1_powerpc.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.3.6-1ubuntu0.1_powerpc.deb
        Ubuntu krb5-rsh-server_1.3.6-1ubuntu0.1_amd64.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.6-1ubuntu0.1_amd64.deb
        Ubuntu krb5-rsh-server_1.3.6-1ubuntu0.1_i386.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.3.6-1ubuntu0.1_i386.deb
        Ubuntu krb5-rsh-server_1.3.6-1ubuntu0.1_powerpc.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.

- Vulnerability information (F38922)

Debian Linux Security Advisory 765-1 (PacketStormID:F38922)
2005-07-28 00:00:00
Debian  security.debian.org
advisory,overflow,arbitrary
linux,debian
CVE-2005-0469

Debian Security Advisory DSA 765-1 - A buffer overflow was discovered in the handling of the LINEMODE suboptions in telnet clients. Heimdal, a free implementation of Kerberos 5, also contains such a client. This can lead to the execution of arbitrary code when connected to a malicious server.

--------------------------------------------------------------------------
Debian Security Advisory DSA 765-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 22nd, 2005                        http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : heimdal
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-0469
CERT advisory  : VU#291924
Debian Bug     : 305574

Ga    

- Vulnerability information (F38276)

Gentoo Linux Security Advisory 200504-28 (PacketStormID:F38276)
2005-06-24 00:00:00
Gentoo  security.gentoo.org
advisory,overflow,vulnerability
linux,gentoo
CVE-2005-0468,CVE-2005-0469

Gentoo Linux Security Advisory GLSA 200504-28 - Buffer overflow vulnerabilities in the slc_add_reply() and env_opt_add() functions have been discovered by Gael Delalleau in the telnet client in Heimdal. Versions less than 0.6.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200504-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Heimdal: Buffer overflow vulnerabilities
      Date: April 28, 2005
      Bugs: #89861
        ID: 200504-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Buffer overflow vulnerabilities have been found in the telnet client in
Heimdal which could lead to execution of arbitrary code.

Background
==========

Heimdal is a free implementation of Kerberos 5 that includes a telnet
client program.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  app-crypt/heimdal       < 0.6.4                          >= 0.6.4

Description
===========

Buffer overflow vulnerabilities in the slc_add_reply() and
env_opt_add() functions have been discovered by Gael Delalleau in the
telnet client in Heimdal.

Impact
======

Successful exploitation would require a vulnerable user to connect to
an attacker-controlled host using the telnet client, potentially
executing arbitrary code with the permissions of the user running the
application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Heimdal users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/heimdal-0.6.4"

References
==========

  [ 1 ] CAN-2005-0468
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
  [ 2 ] CAN-2005-0469
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-28.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- Vulnerability information (F37094)

SCOSA-2005.21.txt (PacketStormID:F37094)
2005-04-18 00:00:00
 
advisory,remote,overflow,arbitrary,local
bsd
CVE-2005-0469,CVE-2005-0468

SCO Security Advisory - Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.

______________________________________________________________________________

			SCO Security Advisory

Subject:		UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : telnet client multiple issues
Advisory number: 	SCOSA-2005.21
Issue date: 		2005 April 08
Cross reference:	sr893210 fz531446 erg712801 CAN-2005-0469 CAN-2005-0468
______________________________________________________________________________


1. Problem Description

	Buffer overflow in the slc_add_reply function in various
	BSD-based Telnet clients, when handling LINEMODE suboptions,
	allows remote attackers to execute arbitrary code via a
	reply with a large number of Set Local Character (SLC)
	commands. 

	The Common Vulnerabilities and Exposures project (cve.mitre.org) 
	has assigned the name CAN-2005-0469 to this issue. 

	Heap-based buffer overflow in the env_opt_add function
	in telnet.c for various BSD-based Telnet clients allows
	remote attackers to execute arbitrary code via responses
	that contain a large number of characters that require
	escaping, which consumes more memory than allocated. 
	
	The Common Vulnerabilities and Exposures project (cve.mitre.org)
	has assigned the name CAN-2005-0468 to this issue.


2. Vulnerable Supported Versions

	System				Binaries
	----------------------------------------------------------------------
	UnixWare 7.1.4 			/usr/bin/telnet
	UnixWare 7.1.3 			/usr/bin/telnet
	UnixWare 7.1.1 			/usr/bin/telnet


3. Solution

	The proper solution is to install the latest packages.


4. UnixWare 7.1.4

	4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21

	4.2 Verification

	MD5 (erg712801.714.pkg.Z) = bf53673ea12a1c25e3606a5b879adbc4

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools

	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download erg712801.714.pkg.Z to the /var/spool/pkg directory

	# uncompress /var/spool/pkg/erg712801.714.pkg.Z
	# pkgadd -d /var/spool/pkg/erg712801.714.pkg


5. UnixWare 7.1.3

	5.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21

	5.2 Verification

	MD5 (erg712801.713.pkg.Z) = e876b261afbecb41c18c26d6ec11e71d

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools

	5.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download erg712801.713.pkg.Z to the /var/spool/pkg directory

	# uncompress /var/spool/pkg/erg712801.713.pkg.Z
	# pkgadd -d /var/spool/pkg/erg712801.713.pkg


6. UnixWare 7.1.1

	6.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21

	6.2 Verification

	MD5 (erg712801.711.pkg.Z) = f3099416a793c1f731bc7e377fe0e4a2

	md5 is available for download from
		ftp://ftp.sco.com/pub/security/tools

	6.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	Download erg712801.711.pkg.Z to the /var/spool/pkg directory

	# uncompress /var/spool/pkg/erg712801.711.pkg.Z
	# pkgadd -d /var/spool/pkg/erg712801.711.pkg


7. References

	Specific references for this advisory:
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468 
		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469 
		http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities 
		http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities

	SCO security resources:
		http://www.sco.com/support/security/index.html

	SCO security advisories via email
		http://www.sco.com/support/forums/security.html

	This security fix closes SCO incidents sr893210 fz531446
	erg712801.


8. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO
	products.


9. Acknowledgments

	SCO would like to thank Gael Delalleau and iDEFENSE

______________________________________________________________________________


- Vulnerability information (F37029)

Gentoo Linux Security Advisory 200504-4 (PacketStormID:F37029)
2005-04-17 00:00:00
Gentoo  security.gentoo.org
advisory,overflow
linux,gentoo
CVE-2005-0468,CVE-2005-0469

Gentoo Linux Security Advisory GLSA 200504-04 - A buffer overflow has been identified in the env_opt_add() function, where a response requiring excessive escaping can cause a heap-based buffer overflow. Another issue has been identified in the slc_add_reply() function, where a large number of SLC commands can overflow a fixed size buffer. Versions less than 1.3.6-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200504-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: mit-krb5: Multiple buffer overflows in telnet client
      Date: April 06, 2005
      Bugs: #87145
        ID: 200504-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The mit-krb5 telnet client is vulnerable to two buffer overflows, which
could allow a malicious telnet server operator to execute arbitrary
code.

Background
==========

The MIT Kerberos 5 implementation provides a command line telnet client
which is used for remote login via the telnet protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-crypt/mit-krb5     < 1.3.6-r2                     >= 1.3.6-r2

Description
===========

A buffer overflow has been identified in the env_opt_add() function,
where a response requiring excessive escaping can cause a heap-based
buffer overflow. Another issue has been identified in the
slc_add_reply() function, where a large number of SLC commands can
overflow a fixed size buffer.

Impact
======

Successful exploitation would require a vulnerable user to connect to
an attacker-controlled telnet host, potentially executing arbitrary
code with the permissions of the telnet user on the client.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All mit-krb5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.3.6-r2"

References
==========

  [ 1 ] CAN-2005-0468
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
  [ 2 ] CAN-2005-0469
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469
  [ 3 ] MITKRB5-SA-2005-001
        http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-001-telnet.txt

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-04.xml


- Vulnerability information (F36947)

dsa-703.txt (PacketStormID:F36947)
2005-04-14 00:00:00
 
advisory
linux,debian
CVE-2005-0468,CVE-2005-0469

Debian Security Advisory 703-1 - Several problems have been discovered in telnet clients that could be exploited by malicious daemons the client connects to.

--------------------------------------------------------------------------
Debian Security Advisory DSA 703-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
April 1st, 2005                         http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : krb5
Vulnerability  : buffer overflows
Problem-Type   : remote
Debian-specific: no
CVE IDs        : CAN-2005-0468 CAN-2005-0469
CERT advisories: VU#341908 VU#291924

Several problems have been discovered in telnet clients that could be
exploited by malicious daemons the client connects to.  The Common
Vulnerabilities and Exposures project identifies the following
problems:

CAN-2005-0468

    Ga    

- Vulnerability information (F36938)

Gentoo Linux Security Advisory 200504-1 (PacketStormID:F36938)
2005-04-14 00:00:00
Gentoo  security.gentoo.org
advisory,overflow
linux,bsd,gentoo
CVE-2005-0468,CVE-2005-0469

Gentoo Linux Security Advisory GLSA 200504-01 - A buffer overflow has been identified in the env_opt_add() function of telnet-bsd, where a response requiring excessive escaping can cause a heap-based buffer overflow. Another issue has been identified in the slc_add_reply() function, where a large number of SLC commands can overflow a fixed size buffer. Versions less than 1.0-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200504-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: telnet-bsd: Multiple buffer overflows
      Date: April 01, 2005
      Bugs: #87019
        ID: 200504-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The telnet-bsd telnet client is vulnerable to two buffer overflows,
which could allow a malicious telnet server operator to execute
arbitrary code.

Background
==========

telnet-bsd provides a command line telnet client which is used for
remote login using the telnet protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  net-misc/telnet-bsd      < 1.0-r1                       >= 1.0-r1

Description
===========

A buffer overflow has been identified in the env_opt_add() function of
telnet-bsd, where a response requiring excessive escaping can cause a
heap-based buffer overflow. Another issue has been identified in the
slc_add_reply() function, where a large number of SLC commands can
overflow a fixed size buffer.

Impact
======

Successful exploitation would require a vulnerable user to connect to
an attacker-controlled host using telnet, potentially executing
arbitrary code with the permissions of the telnet user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All telnet-bsd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/telnet-bsd-1.0-r1"

References
==========

  [ 1 ] CAN-2005-0468
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
  [ 2 ] IDEF0867
        http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities
  [ 3 ] CAN-2005-0469
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469
  [ 4 ] IDEF0866
        http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-01.xml


- Vulnerability information (F36914)

Gentoo Linux Security Advisory 200503-36 (PacketStormID:F36914)
2005-04-14 00:00:00
Gentoo  security.gentoo.org
advisory,overflow
linux,gentoo
CVE-2005-0469

Gentoo Linux Security Advisory GLSA 200503-36 - A buffer overflow has been identified in the slc_add_reply() function of netkit-telnetd client, where a large number of SLC commands can overflow a fixed size buffer. Versions less than 0.17-r6 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200503-36
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: netkit-telnetd: Buffer overflow
      Date: March 31, 2005
      Bugs: #87211
        ID: 200503-36

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The netkit-telnetd telnet client is vulnerable to a buffer overflow,
which could allow a malicious telnet server operator to execute
arbitrary code.

Background
==========

netkit-telnetd provides standard Linux telnet client and server.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  net-misc/netkit-telnetd      < 0.17-r6                 >= 0.17-r6

Description
===========

A buffer overflow has been identified in the slc_add_reply() function
of netkit-telnetd client, where a large number of SLC commands can
overflow a fixed size buffer.

Impact
======

Successful exploitation would require a vulnerable user to connect to an
attacker-controlled host using telnet, potentially executing arbitrary
code with the permissions of the telnet user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All netkit-telnetd users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/netkit-telnetd-0.17-r6"

References
==========

  [ 1 ] CAN-2005-0469
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469
  [ 2 ] iDEFENSE Advisory 03-28-05
        http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200503-36.xml


- Vulnerability information (F36840)

iDEFENSE Security Advisory 2005-03-28.1 (PacketStormID:F36840)
2005-03-29 00:00:00
iDefense Labs,Gael Delalleau  idefense.com
advisory,remote,overflow,arbitrary
solaris,bsd
CVE-2005-0469

iDEFENSE Security Advisory 03.28.05 - Remote exploitation of a buffer overflow vulnerability error in multiple telnet clients may allow execution of arbitrary commands. The vulnerability specifically exists in the handling of the LINEMODE suboptions, in that there is no size check made on the output, which is stored in a fixed length buffer. iDEFENSE has confirmed the existence of the vulnerability in the telnet client included in the Kerberos V5 Release 1.3.6 package and the client included in the SUNWtnetc package of Solaris 5.9. It is suspected that most BSD based telnet clients are affected by this vulnerability.

Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability

iDEFENSE Security Advisory 03.28.05
www.idefense.com/application/poi/display?id=220&type=vulnerabilities
March 28, 2005

I. BACKGROUND

The TELNET protocol allows virtual network terminals to be connected to
over the internet. The initial description of the protocol was given in
RFC854 in May 1983. Since then there have been many extra features added
including encryption.

II. DESCRIPTION

Remote exploitation of a buffer overflow vulnerability error in 
multiple telnet clients may allow execution of arbitrary commands.

The vulnerability specifically exists in the handling of the LINEMODE
suboptions, in that there is no size check made on the output, which is
stored in a fixed length buffer. By sending a specially constructed
reply containing a large number of SLC (Set Local Character) commands, 
it is possible to overflow this buffer with server supplied data.

III. ANALYSIS

Successful exploitation would allow a remote attacker to execute 
arbitrary code in the context of the user which initiated the telnet 
process. In order to exploit this vulnerability, an attacker would need 
to convince the user to connect to their malicious server. It may be 
possible to automatically launch the telnet command from a webpage, for 
example:

<html><body>
<iframe src='telnet://malicious.server/'>
</body>

On opening this page the telnet client may be launched and attempt to 
connect to the host 'malicious.server'.

IV. DETECTION

iDEFENSE has confirmed the existence of the vulnerability in the telnet 
client included in the Kerberos V5 Release 1.3.6 package and the client 
included in the SUNWtnetc package of Solaris 5.9. It is suspected that 
most BSD based telnet clients are affected by this vulnerability.

V. WORKAROUND

iDEFENSE is currently unaware of any effective workarounds for this 
vulnerability.

VI. VENDOR RESPONSE

The following vendors have provided official responses related to this
vulnerability. Other vendors may be affected but have not provided an
official response.

Vulnerable:

- ALT Linux
All supported ALT Linux distributions include a telnet client derived from
OpenBSD 3.0. The slc_add_reply() buffer overflow vulnerability is
present in all our telnet clients.  Updated packages with fixes for
these issues will be released on March 28, 2005.
http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html

- Apple Computer, Inc.
Component:  Telnet
Available for: Mac OS X 10.3.8, Mac OS X Server 10.3.8
This is fixed in Security Update 2005-003, which is available at
http://docs.info.apple.com/article.html?artnum=61798

- FreeBSD
FreeBSD-SA-05:01.telnet security advisory:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc

- MIT (Kerberos)
This vulnerability is covered in the following upcoming advisory:
MITKRB5-SA-2005-001:
   http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-001-telnet.txt
patch against krb5-1.4:
      http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt

- Openwall Project
The bugs are fixed starting with telnet package version 3.0-owl2.
   http://www.openwall.com/Owl/CHANGES-current.shtml

- Red Hat, Inc.
Red Hat Enterprise Linux ships with telnet and krb5 packages vulnerable
to this issue.  New telnet and krb5 packages are now available along
with our advisory at the URLs below and by using the Red Hat Network
'up2date' tool.
   Red Hat Enterprise Linux - telnet
      http://rhn.redhat.com/errata/RHSA-2005-330.html
   Red Hat Enterprise Linux - krb5
      http://rhn.redhat.com/errata/RHSA-2005-327.html

- Sun Microsystems Inc.
Sun confirms that the telnet(1) vulnerabilities do affect all
currently supported versions of Solaris:
   Solaris 7, 8, 9 and 10
Sun has released a Sun Alert which describes a workaround until patches
are available at:
   http://sunsolve.sun.com
   Sun Alert #57755  
The Sun Alert will be updated with the patch information once it becomes
available. Sun patches are available from:
   http://sunsolve.sun.com/securitypatch

Not Vulnerable:

- CyberSafe Limited
The CyberSafe TrustBroker products, version 3.0 or later, are not vulnerable.

- Hewlett-Packard Development Company, L.P.
HP-UX and HP Tru64 UNIX are not vulnerable.

- InterSoft International, Inc.
InterSoft International, Inc. products NetTerm, SecureNetTerm and
SNetTerm are not affected by the slc_add_reply() buffer overflow
conditions.

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2005-0469 to this issue. This is a candidate for inclusion
in the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

02/18/2005  Initial vendor notification
03/28/2005  Coordinated public disclosure

IX. CREDIT

Ga    

- Vulnerability Information

15094
Multiple Vendor Telnet slc_add_reply Function Remote Overflow
Remote / Network Access, Context Dependent Input Manipulation
Loss of Integrity Patch / RCS
Exploit Private Vendor Verified, Coordinated Disclosure

- Vulnerability Description

- Timeline

2005-03-28 Unknown
Unknown 2005-03-28

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, ALT Linux, Apple, FreeBSD, MIT (Kerberos), Openwall Project, Red Hat, and Oracle (previously Sun Microsystems) have released patches to address this vulnerability.

- Related References

- Credit

Unknown or Incomplete

- Vulnerability Information

Multiple Vendor Telnet Client LINEMODE Sub-Options Remote Buffer Overflow Vulnerability
Boundary Condition Error 12918
Yes No
2005-03-28 12:00:00 2007-02-22 06:56:00
Gael Delalleau is credited with the discovery of this issue.

- Affected Versions

Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Enterprise Linux 2.0
SuSE SUSE Linux Enterprise Server 8
SuSE SUSE Linux Enterprise Server 7
Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 7.0_x86
Sun Solaris 7.0
Sun Solaris 10_x86
Sun Solaris 10
Sun SEAM 1.0.2
+ Sun Solaris 9_x86
+ Sun Solaris 9
Sun SEAM 1.0.1
Sun SEAM 1.0
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
SGI ProPack 3.0
SGI IRIX 6.5.27
SGI IRIX 6.5.26
SGI IRIX 6.5.25
SGI IRIX 6.5.24 m
SGI IRIX 6.5.24
SGI IRIX 6.5.23 m
SGI IRIX 6.5.23
SGI IRIX 6.5.22 m
SGI IRIX 6.5.22
SGI IRIX 6.5.21 m
SGI IRIX 6.5.21 f
SGI IRIX 6.5.21
SGI IRIX 6.5.20 m
SGI IRIX 6.5.20 f
SGI IRIX 6.5.20
SGI IRIX 6.5.19 m
SGI IRIX 6.5.19 f
SGI IRIX 6.5.19
SGI IRIX 6.5.18 m
SGI IRIX 6.5.18 f
SGI IRIX 6.5.18
SGI IRIX 6.5.17 m
SGI IRIX 6.5.17 f
SGI IRIX 6.5.17
SGI IRIX 6.5.16 m
SGI IRIX 6.5.16 f
SGI IRIX 6.5.16
SGI IRIX 6.5.15 m
SGI IRIX 6.5.15 f
SGI IRIX 6.5.15
SGI IRIX 6.5.14 m
SGI IRIX 6.5.14 f
SGI IRIX 6.5.14
SGI IRIX 6.5.13 m
SGI IRIX 6.5.13 f
SGI IRIX 6.5.13
SGI IRIX 6.5.12 m
SGI IRIX 6.5.12 f
SGI IRIX 6.5.12
SGI IRIX 6.5.11 m
SGI IRIX 6.5.11 f
SGI IRIX 6.5.11
SGI IRIX 6.5.10 m
SGI IRIX 6.5.10 f
SGI IRIX 6.5.10
SGI IRIX 6.5.9 m
SGI IRIX 6.5.9 f
SGI IRIX 6.5.9
SGI IRIX 6.5.8 m
SGI IRIX 6.5.8 f
SGI IRIX 6.5.8
SGI IRIX 6.5.7 m
SGI IRIX 6.5.7 f
SGI IRIX 6.5.7
SGI IRIX 6.5.6 m
SGI IRIX 6.5.6 f
SGI IRIX 6.5.6
SGI IRIX 6.5.5 m
SGI IRIX 6.5.5 f
SGI IRIX 6.5.5
SGI IRIX 6.5.4 m
SGI IRIX 6.5.4 f
SGI IRIX 6.5.4
SGI IRIX 6.5.3 m
SGI IRIX 6.5.3 f
SGI IRIX 6.5.3
SGI IRIX 6.5.2 m
SGI IRIX 6.5.2 f
SGI IRIX 6.5.2
SGI IRIX 6.5.1
SGI IRIX 6.5 20
SGI IRIX 6.5 .19m
SGI IRIX 6.5 .19f
SGI IRIX 6.5
SGI IRIX 6.4
SGI IRIX 6.3
SGI IRIX 6.2
SGI IRIX 6.1
SGI IRIX 6.0.1 XFS
SGI IRIX 6.0.1
SGI IRIX 6.0
SGI IRIX 5.3 XFS
SGI IRIX 5.3
SGI IRIX 5.2
SGI IRIX 5.1.1
SGI IRIX 5.1
SGI IRIX 5.0.1
SGI IRIX 5.0
SGI IRIX 4.0.5 IPR
SGI IRIX 4.0.5 H
SGI IRIX 4.0.5 G
SGI IRIX 4.0.5 F
SGI IRIX 4.0.5 E
SGI IRIX 4.0.5 D
SGI IRIX 4.0.5 A
SGI IRIX 4.0.5 (IOP)
SGI IRIX 4.0.5
SGI IRIX 4.0.4 T
SGI IRIX 4.0.4 B
SGI IRIX 4.0.4
SGI IRIX 4.0.3
SGI IRIX 4.0.2
SGI IRIX 4.0.1 T
SGI IRIX 4.0.1
SGI IRIX 4.0
SGI IRIX 3.3.3
SGI IRIX 3.3.2
SGI IRIX 3.3.1
SGI IRIX 3.3
SGI IRIX 3.2
SCO Unixware 7.1.4
SCO Unixware 7.1.3
SCO Unixware 7.1.1
SCO Open Server 5.0.7
SCO Open Server 5.0.6
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
S.u.S.E. Linux 7.3 sparc
S.u.S.E. Linux 7.3 ppc
S.u.S.E. Linux 7.3 i386
S.u.S.E. Linux 7.3
S.u.S.E. Linux 7.2 i386
S.u.S.E. Linux 7.2
S.u.S.E. Linux 7.1 x86
S.u.S.E. Linux 7.1 sparc
S.u.S.E. Linux 7.1 ppc
S.u.S.E. Linux 7.1 alpha
S.u.S.E. Linux 7.1
S.u.S.E. Linux 7.0 sparc
S.u.S.E. Linux 7.0 ppc
S.u.S.E. Linux 7.0 i386
S.u.S.E. Linux 7.0 alpha
S.u.S.E. Linux 7.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core1
Openwall Openwall GNU/*/Linux 1.1
Openwall Openwall GNU/*/Linux 1.0
Openwall Openwall GNU/*/Linux (Owl)-current
OpenBSD OpenBSD 3.6
OpenBSD OpenBSD 3.5
Netkit Linux Netkit 0.17.17
Netkit Linux Netkit 0.17
Netkit Linux Netkit 0.16
Netkit Linux Netkit 0.15
Netkit Linux Netkit 0.14
Netkit Linux Netkit 0.12
Netkit Linux Netkit 0.11
Netkit Linux Netkit 0.10
Netkit Linux Netkit 0.9
NetBSD NetBSD 2.0.2
NetBSD NetBSD 2.0.1
NetBSD NetBSD 2.0
MIT Kerberos 5 1.4
MIT Kerberos 5 1.3.6
+ Gentoo Linux
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
+ Red Hat Fedora Core1
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
MIT Kerberos 5 1.3.5
MIT Kerberos 5 1.3.4
MIT Kerberos 5 1.3.3
MIT Kerberos 5 1.3.2
MIT Kerberos 5 1.3.1
MIT Kerberos 5 1.3 -alpha1
MIT Kerberos 5 1.3
MIT Kerberos 5 1.2.8
MIT Kerberos 5 1.2.7
MIT Kerberos 5 1.2.6
MIT Kerberos 5 1.2.5
MIT Kerberos 5 1.2.4
MIT Kerberos 5 1.2.3
MIT Kerberos 5 1.2.2 -beta1
MIT Kerberos 5 1.2.2
MIT Kerberos 5 1.2.1
MIT Kerberos 5 1.2
MIT Kerberos 5 1.1.1
+ Red Hat Linux 6.2
- RedHat Linux 7.1 ia64
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
MIT Kerberos 5 1.1
MIT Kerberos 5 1.0.8
MIT Kerberos 5 1.0.6
MIT Kerberos 5 1.0
Heimdal Heimdal 0.6.3
Heimdal Heimdal 0.6.2
Heimdal Heimdal 0.6.1
Heimdal Heimdal 0.6
Heimdal Heimdal 0.5.3
Heimdal Heimdal 0.5.2
Heimdal Heimdal 0.5.1
Heimdal Heimdal 0.5 .0
Heimdal Heimdal 0.4 e
Gentoo Linux
FreeBSD FreeBSD 5.4 -PRERELEASE
FreeBSD FreeBSD 5.3 -STABLE
FreeBSD FreeBSD 5.3 -RELEASE
FreeBSD FreeBSD 5.3
FreeBSD FreeBSD 5.2.1 -RELEASE
FreeBSD FreeBSD 5.2 -RELENG
FreeBSD FreeBSD 5.2 -RELEASE
FreeBSD FreeBSD 5.2
FreeBSD FreeBSD 5.1 -RELENG
FreeBSD FreeBSD 5.1 -RELEASE-p5
FreeBSD FreeBSD 5.1 -RELEASE
FreeBSD FreeBSD 5.1
FreeBSD FreeBSD 5.0 -RELENG
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 4.11 -STABLE
FreeBSD FreeBSD 4.10 -RELENG
FreeBSD FreeBSD 4.10 -RELEASE
FreeBSD FreeBSD 4.10
FreeBSD FreeBSD 4.9 -RELENG
FreeBSD FreeBSD 4.9 -PRERELEASE
FreeBSD FreeBSD 4.9
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8 -RELEASE-p7
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.7 -STABLE
FreeBSD FreeBSD 4.7 -RELENG
FreeBSD FreeBSD 4.7 -RELEASE-p17
FreeBSD FreeBSD 4.7 -RELEASE
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.6.2
FreeBSD FreeBSD 4.6 -STABLE
FreeBSD FreeBSD 4.6 -RELENG
FreeBSD FreeBSD 4.6 -RELEASE-p20
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
FreeBSD FreeBSD 4.5 -STABLE
FreeBSD FreeBSD 4.5 -RELENG
FreeBSD FreeBSD 4.5 -RELEASE-p32
FreeBSD FreeBSD 4.5 -RELEASE
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.4 -STABLE
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELEASE-p42
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.3 -STABLE
FreeBSD FreeBSD 4.3 -RELENG
FreeBSD FreeBSD 4.3 -RELEASE-p38
FreeBSD FreeBSD 4.3 -RELEASE
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.2 -STABLEpre122300
FreeBSD FreeBSD 4.2 -STABLEpre050201
FreeBSD FreeBSD 4.2 -STABLE
FreeBSD FreeBSD 4.2 -RELEASE
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.1.1 -STABLE
FreeBSD FreeBSD 4.1.1 -RELEASE
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.0 .x
FreeBSD FreeBSD 4.0 -RELENG
FreeBSD FreeBSD 4.0 alpha
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 2.0
FreeBSD FreeBSD 4.10-PRERELEASE
F5 BigIP 4.6.2
F5 BigIP 4.6
F5 BigIP 4.5.12
F5 BigIP 4.5.11
F5 BigIP 4.5.10
F5 BigIP 4.5.9
F5 BigIP 4.5.6
F5 BigIP 4.5
F5 BigIP 4.4
F5 BigIP 4.3
F5 BigIP 4.2
F5 BigIP 4.0
F5 3-DNS 4.6.2
F5 3-DNS 4.6
F5 3-DNS 4.5.12
F5 3-DNS 4.5.11
F5 3-DNS 4.5
F5 3-DNS 4.4
F5 3-DNS 4.3
F5 3-DNS 4.2
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya Modular Messaging S3400
Avaya MN100
Avaya Intuity LX
Avaya CVLAN
Avaya Converged Communications Server 2.0
Apple Mac OS X Server 10.3.8
Apple Mac OS X Server 10.3.7
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3
Apple Mac OS X Server 10.2.8
Apple Mac OS X Server 10.2.7
Apple Mac OS X Server 10.2.6
Apple Mac OS X Server 10.2.5
Apple Mac OS X Server 10.2.4
Apple Mac OS X Server 10.2.3
Apple Mac OS X Server 10.2.2
Apple Mac OS X Server 10.2.1
Apple Mac OS X Server 10.2
Apple Mac OS X Server 10.1.5
Apple Mac OS X Server 10.1.4
Apple Mac OS X Server 10.1.3
Apple Mac OS X Server 10.1.2
Apple Mac OS X Server 10.1.1
Apple Mac OS X Server 10.1
Apple Mac OS X Server 10.0
Apple Mac OS X 10.3.8
Apple Mac OS X 10.3.7
Apple Mac OS X 10.3.6
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3
Apple Mac OS X 10.2.8
Apple Mac OS X 10.2.7
Apple Mac OS X 10.2.6
Apple Mac OS X 10.2.5
Apple Mac OS X 10.2.4
Apple Mac OS X 10.2.3
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2.1
Apple Mac OS X 10.2
Apple Mac OS X 10.1.5
Apple Mac OS X 10.1.4
Apple Mac OS X 10.1.3
Apple Mac OS X 10.1.2
Apple Mac OS X 10.1.1
Apple Mac OS X 10.1
Apple Mac OS X 10.1
Apple Mac OS X 10.0.4
Apple Mac OS X 10.0.3
Apple Mac OS X 10.0.2
Apple Mac OS X 10.0.1
Apple Mac OS X 10.0 3
Apple Mac OS X 10.0
ALT Linux ALT Linux Junior 2.3
ALT Linux ALT Linux Compact 2.3

- Unaffected Versions

NetBSD NetBSD 2.0.3
Heimdal Heimdal 0.6.4
F5 BigIP 4.6.3
F5 BigIP 4.5.13
F5 3-DNS 4.6.3
F5 3-DNS 4.5.13

- Discussion

A remote buffer-overflow vulnerability affects multiple vendors' Telnet clients. This issue is due to the application's failure to properly validate the length of user-supplied strings before copying them into static process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

- Exploit


Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

Please see the referenced advisories for details on obtaining and applying the appropriate updates.


Sun Solaris 7.0

Heimdal Heimdal 0.6

Heimdal Heimdal 0.6.1

MIT Kerberos 5 1.3.3

MIT Kerberos 5 1.3.6

Apple Mac OS X 10.3.8

Debian Linux 3.0 mips

Debian Linux 3.0 mipsel

SCO Unixware 7.1.1

SCO Unixware 7.1.4

- Related References
