Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:291924
HistoryMar 29, 2005 - 12:00 a.m.

Multiple Telnet clients fail to properly handle the "LINEMODE" SLC suboption

2005-03-2900:00:00
www.kb.cert.org
16

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.921 High

EPSS

Percentile

98.9%

JSON

Overview

Multiple Telnet clients contain a data length validation flaw which may allow a server to induce arbitrary code execution on the client host.

Description

The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facility. The Telnet protocol is commonly used for command line login sessions between Internet hosts.

Many Telnet client implementations may be vulnerable to a flaw which may allow arbitrary code to be executed on the connected client. The Telnet server may supply a specially crafted reply containing a larger number of RFC1184 LINEMODE “Set Local Character” (SLC) suboption commands, which are not checked for proper length before being stored into a fixed length buffer. Affected Telnet clients possibly include the BSD Telnet implementation and the MIT Kerberos distribution.

The Telnet LINEMODE mode is enabled by default in a majority of modern Telnet clients and servers, and is often negotiated automatically before user input is required. Therefore, an attacker may be able to launch a vulnerable client, for example, through commands embedded in web pages such as an IFRAME with a “telnet:” URL, and exploit this flaw requiring only minimal or no user interaction.

Impact

A remote server may be able to execute arbitrary code under the permissions of the user running the Telnet client on the local host.

Solution

Apply an update from your vendor
Patches, updates, and fixes are available from multiple vendors.

As a workaround, the client may explicitly disable the LINEMODE mode before connecting in order to prevent LINEMODE command processing. In addition, as a best practice clients should never connect to unknown servers.

Vendor Information

291924

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Apple Computer, Inc. __ Affected

Notified: March 28, 2005 Updated: April 01, 2005

Status

Affected

Vendor Statement

This is fixed in Security Update 2005-003, and further information is available from <http://docs.info.apple.com/article.html?artnum=301061&gt;.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Debian Linux __ Affected

Notified: March 28, 2005 Updated: March 29, 2005

Status

Affected

Vendor Statement

Debian is vulnerable for this problem. In our stable distribution the following

versions will correct the problem:

netkit-telnet stable 0.17-18woody3
netkit-telnet-ssl stable 0.17.17+0.1-2woody4

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

F5 Networks, Inc. __ Affected

Notified: March 28, 2005 Updated: May 02, 2005

Status

Affected

Vendor Statement

The telnet client vulnerabilities are considered local vulnerabilities on BIG-IP 4.x products and will be patched in releases 4.5.13 and 4.6.3. BIG-IP 9.x, FirePass and TrafficShield are not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Mandriva, Inc. __ Affected

Notified: March 28, 2005 Updated: April 01, 2005

Status

Affected

Vendor Statement

Mandrakesoft has issued the advisory MDKSA-2005:061 to fix the vulnerabilities in our kerberos telnet client packages.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

MiT Kerberos Development Team __ Affected

Updated: March 29, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

MIT Kerberos has issued MIT krb5 Security Advisory 2005-001 in response to this vulnerability.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Red Hat, Inc. __ Affected

Notified: March 28, 2005 Updated: December 22, 2005

Status

Affected

Vendor Statement

`Updates are available for Red Hat Enterprise Linux 2.1, 3, and 4 to
correct this issue. New telnet and Kerberos packages along with our
advisory are available at the URL below and by using the Red Hat Network
‘up2date’ tool.

<http://rhn.redhat.com/errata/CAN-2005-0469.html&gt;`

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sun Microsystems, Inc. __ Affected

Notified: March 28, 2005 Updated: March 29, 2005

Status

Affected

Vendor Statement

Sun confirms that the telnet(1) vulnerabilities do affect all
currently supported versions of Solaris:
Solaris 7, 8, 9 and 10

Sun has released a Sun Alert which describes a workaround until patches
are available at:

<http://sunsolve.sun.com>
Sun Alert #57755

The Sun Alert will be updated with the patch information once it becomes
available. Sun patches are available from:
<http://sunsolve.sun.com/securitypatch&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Microsoft Corporation __ Not Affected

Notified: March 28, 2005 Updated: April 01, 2005

Status

Not Affected

Vendor Statement

We have investigated these reports and have determined that there are no Microsoft platforms affected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Cray Inc. __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

EMC Corporation __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Engarde __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

FreeBSD, Inc. __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Fujitsu __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

HP __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Hitachi __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

IBM Corporation __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

IBM eServer __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

IBM zSeries __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Immunix __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Ingrian Networks, Inc. __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Juniper Networks, Inc. __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Mandriva, Inc. __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

MontaVista Software, Inc. __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

NEC Corporation __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

NetBSD __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Nokia __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Novell, Inc. __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

OpenBSD __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Openwall GNU/*/Linux __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

SGI __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

SUSE Linux __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Sequent Computer Systems, Inc. __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Sony Corporation __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

The SCO Group (SCO Linux) __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

The SCO Group (SCO Unix) __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

TurboLinux __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Unisys __ Unknown

Notified: March 28, 2005 Updated: March 29, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

Wind River Systems, Inc. __ Unknown

Notified: March 28, 2005 Updated: August 08, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).

View all 38 vendors __View less vendors __

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to iDEFENSE Labs for reporting this vulnerability.

This document was written by Ken MacInnis.

Other Information

CVE IDs: CVE-2005-0469
Severity Metric: 12.60 Date Public:

Related

checkpoint_advisories 1
nessus 22
openvas 37
ubuntucve 2
gentoo 4
cbl_mariner 1
osv 4
debian 10
debiancve 2
securityvulns 1
cve 2
redhat 2
slackware 1
ubuntu 2
freebsd_advisory 1
f5 2
cert 1
freebsd 1
checkpoint_advisories
checkpoint_advisories
Multiple Vendor Telnet Client LINEMODE Buffer Overflow (CVE-2005-0469)
2009-10-12 00:00:00
nessus
nessus
Debian DSA-697-1 : netkit-telnet - buffer overflow
2005-03-29 00:00:00
Debian DSA-699-1 : netkit-telnet-ssl - buffer overflow
2005-03-29 00:00:00
GLSA-200503-36 : netkit-telnetd: Buffer overflow
2005-04-01 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200503-36 (netkit-telnetd)
2008-09-24 00:00:00
Debian Security Advisory DSA 697-1 (netkit-telnet)
2008-01-17 00:00:00
Debian Security Advisory DSA 765-1 (heimdal)
2008-01-17 00:00:00
ubuntucve
ubuntucve
CVE-2005-0469
2005-05-02 00:00:00
CVE-2005-2040
2005-06-20 00:00:00
gentoo
gentoo
netkit-telnetd: Buffer overflow
2005-03-31 00:00:00
mit-krb5: Multiple buffer overflows in telnet client
2005-04-06 00:00:00
telnet-bsd: Multiple buffer overflows
2005-04-01 00:00:00
cbl_mariner
cbl_mariner
CVE-2005-0469 affecting package telnet 0.17-81
2024-05-02 09:06:29
osv
osv
netkit-telnet-ssl - buffer overflow
2005-03-29 00:00:00
netkit-telnet - buffer overflow
2005-03-29 00:00:00
krb5 - buffer overflows
2005-04-01 00:00:00
debian
debian
[SECURITY] [DSA 765-1] New heimdal packages fix arbitrary code execution
2005-07-27 06:22:40
[SECURITY] [DSA 699-1] New netkit-telnet-ssl packages fix arbitrary code execution
2005-03-29 13:22:55
[SECURITY] [DSA 697-1] New netkit-telnet packages fix arbitrary code execution
2005-03-29 08:06:08
debiancve
debiancve
CVE-2005-0469
2005-05-02 04:00:00
CVE-2005-2040
2005-06-20 04:00:00
securityvulns
securityvulns
iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply&#40;&#41; Buffer Overflow Vulnerability
2005-03-31 00:00:00
cve
cve
CVE-2005-0469
2005-05-02 04:00:00
CVE-2005-2040
2005-06-20 04:00:00
redhat
redhat
(RHSA-2005:327) telnet security update
2005-03-28 00:00:00
(RHSA-2005:330) krb5 security update
2005-03-30 00:00:00
slackware
slackware
telnet client
2005-07-29 21:44:43
ubuntu
ubuntu
telnet vulnerabilities
2005-03-29 00:00:00
Kerberos vulnerabilities
2005-12-06 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-05:01.telnet
2005-03-28 00:00:00
f5
f5
BSD telnet vulnerabilities CAN-2005-0468 and CAN-2005-0469
2005-07-21 04:00:00
SOL4441 - BSD telnet vulnerabilities CAN-2005-0468 and CAN-2005-0469
2005-07-20 00:00:00
cert
cert
Multiple Telnet Clients vulnerable to buffer overflow via the env_opt_add() function in telnet.c
2005-04-01 00:00:00
freebsd
freebsd
heimdal -- Multiple vulnerabilities
2006-02-06 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.921 High

EPSS

Percentile

98.9%

JSON
Related for VU:291924
checkpoint_advisories1nessus22openvas37ubuntucve2gentoo4cbl_mariner1osv4debian10debiancve2securityvulns1cve2redhat2slackware1ubuntu2freebsd_advisory1f52cert1freebsd1