7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.921 High
EPSS
Percentile
98.9%
Multiple Telnet clients contain a data length validation flaw which may allow a server to induce arbitrary code execution on the client host.
The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facility. The Telnet protocol is commonly used for command line login sessions between Internet hosts.
Many Telnet client implementations may be vulnerable to a flaw which may allow arbitrary code to be executed on the connected client. The Telnet server may supply a specially crafted reply containing a larger number of RFC1184 LINEMODE “Set Local Character” (SLC) suboption commands, which are not checked for proper length before being stored into a fixed length buffer. Affected Telnet clients possibly include the BSD Telnet implementation and the MIT Kerberos distribution.
The Telnet LINEMODE mode is enabled by default in a majority of modern Telnet clients and servers, and is often negotiated automatically before user input is required. Therefore, an attacker may be able to launch a vulnerable client, for example, through commands embedded in web pages such as an IFRAME with a “telnet:” URL, and exploit this flaw requiring only minimal or no user interaction.
A remote server may be able to execute arbitrary code under the permissions of the user running the Telnet client on the local host.
Apply an update from your vendor
Patches, updates, and fixes are available from multiple vendors.
As a workaround, the client may explicitly disable the LINEMODE mode before connecting in order to prevent LINEMODE command processing. In addition, as a best practice clients should never connect to unknown servers.
291924
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: March 28, 2005 Updated: April 01, 2005
Affected
This is fixed in Security Update 2005-003, and further information is available from <http://docs.info.apple.com/article.html?artnum=301061>.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Affected
Debian is vulnerable for this problem. In our stable distribution the following
versions will correct the problem:
netkit-telnet stable 0.17-18woody3
netkit-telnet-ssl stable 0.17.17+0.1-2woody4
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: May 02, 2005
Affected
The telnet client vulnerabilities are considered local vulnerabilities on BIG-IP 4.x products and will be patched in releases 4.5.13 and 4.6.3. BIG-IP 9.x, FirePass and TrafficShield are not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: April 01, 2005
Affected
Mandrakesoft has issued the advisory MDKSA-2005:061 to fix the vulnerabilities in our kerberos telnet client packages.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Updated: March 29, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
MIT Kerberos has issued MIT krb5 Security Advisory 2005-001 in response to this vulnerability.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: December 22, 2005
Affected
`Updates are available for Red Hat Enterprise Linux 2.1, 3, and 4 to
correct this issue. New telnet and Kerberos packages along with our
advisory are available at the URL below and by using the Red Hat Network
‘up2date’ tool.
<http://rhn.redhat.com/errata/CAN-2005-0469.html>`
The vendor has not provided us with any further information regarding this vulnerability.
Notified: March 28, 2005 Updated: March 29, 2005
Affected
Sun confirms that the telnet(1) vulnerabilities do affect all
currently supported versions of Solaris:
Solaris 7, 8, 9 and 10
Sun has released a Sun Alert which describes a workaround until patches
are available at:
<http://sunsolve.sun.com>
Sun Alert #57755
The Sun Alert will be updated with the patch information once it becomes
available. Sun patches are available from:
<http://sunsolve.sun.com/securitypatch>
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: April 01, 2005
Not Affected
We have investigated these reports and have determined that there are no Microsoft platforms affected.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: March 29, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
Notified: March 28, 2005 Updated: August 08, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23291924 Feedback>).
View all 38 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to iDEFENSE Labs for reporting this vulnerability.
This document was written by Ken MacInnis.
CVE IDs: | CVE-2005-0469 |
---|---|
Severity Metric: | 12.60 Date Public: |