CERT VU#341908
Apr 01, 2005 - 12:00 a.m.

Multiple Telnet Clients vulnerable to buffer overflow via the env_opt_add() function in telnet.c

2005-04-01 00:00:00
www.kb.cert.org

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.938 High
Percentile: 99.1%

Overview

Multiple Telnet clients contain a data length validation flaw that may allow a malicious server to execute arbitrary code on the client host with the privileges of the client.

Description

The Telnet network protocol is described in RFC854 and RFC855 as a general, bi-directional communications facility. The Telnet protocol is commonly used for command-line login sessions between Internet hosts.

Many Telnet clients are vulnerable to a buffer overflow condition.

The env_opt_add() function of telnet.c contains a 256-byte buffer that may be expanded to 512 bytes if needed. While checks are in place to ensure that the input buffer for this function is within the size allocated, the Telnet protocol may escape characters contained in the input buffer. If the number of characters escaped causes the resulting input to exceed the 512-byte allocated buffer, a heap overflow occurs.
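The size mismatch described above can be shown with a simplified model. This is an added example, not the telnet.c source: the names `reply_t`, `flawed_check_accepts` and `reply_add_escaped` are hypothetical, the escape byte values are taken from RFC 854 and RFC 1572, and the 256/512-byte sizes are the ones quoted in this note. It contrasts a capacity check on the raw input length with an append routine that sizes by the escaped length and refuses input that cannot fit.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes that are escaped when sent as data (RFC 854, RFC 1572). */
enum { ENV_VAR = 0, ENV_VALUE = 1, ENV_ESC = 2, ENV_USERVAR = 3, IAC = 255 };
enum { REPLY_INITIAL = 256, REPLY_MAX = 512 };  /* sizes quoted in the advisory */

/* Hypothetical reply buffer; invariant: len <= cap <= REPLY_MAX. */
typedef struct { unsigned char *buf; size_t cap, len; } reply_t;

/* IAC is doubled; the four NEW-ENVIRON codes (0..3) get an ENV_ESC prefix. */
static int needs_escape(unsigned char c)
{
    return c == IAC || c <= ENV_USERVAR;
}

/* Exact size of in[0..n) after escaping: 1 or 2 bytes per input byte. */
size_t escaped_len(const unsigned char *in, size_t n)
{
    size_t out = 0;
    for (size_t i = 0; i < n; i++)
        out += needs_escape(in[i]) ? 2 : 1;
    return out;
}

/* The flawed pattern: capacity is compared with the raw input length. */
int flawed_check_accepts(const reply_t *r, size_t n)
{
    return n <= REPLY_MAX - r->len;
}

int reply_init(reply_t *r)
{
    r->buf = malloc(REPLY_INITIAL);
    r->cap = r->buf ? REPLY_INITIAL : 0;
    r->len = 0;
    return r->buf ? 0 : -1;
}

/* Hardened append: size by escaped length, grow once, otherwise refuse. */
int reply_add_escaped(reply_t *r, const unsigned char *in, size_t n)
{
    size_t need = escaped_len(in, n);
    if (need > REPLY_MAX - r->len)
        return -1;                      /* would exceed the 512-byte limit */
    if (need > r->cap - r->len) {
        unsigned char *p = realloc(r->buf, REPLY_MAX);
        if (p == NULL)
            return -1;
        r->buf = p;
        r->cap = REPLY_MAX;
    }
    for (size_t i = 0; i < n; i++) {
        if (needs_escape(in[i]))
            r->buf[r->len++] = (in[i] == IAC) ? IAC : ENV_ESC;
        r->buf[r->len++] = in[i];
    }
    return 0;
}

int main(void)
{
    unsigned char in[300];              /* constructed sample input */
    reply_t r;
    memset(in, ENV_ESC, sizeof in);     /* every byte needs escaping */
    if (reply_init(&r) != 0)
        return 1;
    printf("raw=%zu escaped=%zu flawed_check=%d hardened_rc=%d\n",
           sizeof in, escaped_len(in, sizeof in),
           flawed_check_accepts(&r, sizeof in),
           reply_add_escaped(&r, in, sizeof in));
    free(r.buf);
    return 0;
}
```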

Several Telnet clients derived from a variety of lineages are confirmed to be affected. Please review the “Systems Affected” section below, or consult with your vendor to determine if you are affected.


Impact

Exploitation of this vulnerability may permit a malicious server to execute arbitrary code with the privileges of the user that invoked the telnet client. An attacker would have to trick a victim into initiating a telnet connection using a vulnerable client. This may be accomplished with an HTML-rendered email or web page using the TELNET:// URI handler; however, further user interaction may be required.


Solution

Apply a patch or upgrade as specified by your vendor.


Vendor Information


Apple Computer Inc. - Affected

Notified: March 28, 2005 Updated: April 01, 2005

Status

Affected

Vendor Statement

This is fixed in Security Update 2005-003, and further information is available from <http://docs.info.apple.com/article.html?artnum=301061>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Conectiva - Affected

Notified: March 28, 2005 Updated: June 06, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Conectiva has released Linux Security Announcement CLA-2005:962 about this issue.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23341908 Feedback>).

Debian - Affected

Updated: April 04, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have confirmed with the vendor that very early versions of Debian shipped a Telnet client vulnerable to this issue. However, more recent and current builds of Debian are not affected. Note, however, that the Debian krb5 implementation also includes a telnet client, which is vulnerable. This will be fixed with an update. Version 1.2.4-5woody8 has the corrections for both CAN-2005-0468 and CAN-2005-0469.


F5 Networks - Affected

Notified: March 28, 2005 Updated: May 03, 2005

Status

Affected

Vendor Statement

The telnet client vulnerabilities are considered local vulnerabilities on BIG-IP 4.x products and will be patched in releases 4.5.13 and 4.6.3.

BIG-IP 9.x, FirePass and TrafficShield are not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.


Fedora Project - Affected

Updated: April 04, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

A Fedora update notification is available from <https://www.redhat.com/archives/fedora-announce-list/2005-March/msg00088.html>; the notification indicates that patches are available.


FreeBSD - Affected

Notified: March 28, 2005 Updated: March 30, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

FreeBSD has released FreeBSD-SA-05:01.telnet to address this issue. Please see <ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc>.


Gentoo Linux - Affected

Updated: April 01, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Gentoo has released <http://www.gentoo.org/security/en/glsa/glsa-200504-01.xml> to address this issue.


Heimdal - Affected

Updated: April 21, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

An advisory has been released for the Heimdal implementation of Kerberos 5, which includes a vulnerable telnet client implementation. The advisory is available at <http://www.pdc.kth.se/heimdal/advisory/2005-04-20/> and indicates the vulnerability is fixed in version 0.6.4 of the product.


MIT Kerberos Development Team - Affected

Updated: March 30, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See <http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-001-telnet.txt>.


MandrakeSoft - Affected

Notified: March 28, 2005 Updated: April 07, 2005

Status

Affected

Vendor Statement

Mandrakesoft has released <http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:061> to address this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.


OpenBSD - Affected

Notified: March 28, 2005 Updated: April 07, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see <http://www.openbsd.org/errata.html> number 014.


Openwall GNU/*/Linux - Affected

Notified: March 28, 2005 Updated: March 30, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see <http://www.openwall.com/Owl/CHANGES-current.shtml>.


Red Hat Inc. - Affected

Notified: March 28, 2005 Updated: July 28, 2005

Status

Affected

Vendor Statement

Vendor Statement: Red Hat, Inc

Updates are available for Red Hat Enterprise Linux 2.1, 3 and 4 to correct this
issue. New telnet and Kerberos packages along with our advisory are available
at the URL below and by using the Red Hat Network ‘up2date’ tool.

<http://rhn.redhat.com/errata/CAN-2005-0468.html>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see <http://rhn.redhat.com/errata/RHSA-2005-330.html>.


SCO Unix - Affected

Notified: March 28, 2005 Updated: April 14, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

SCO has released a security advisory and patches for UnixWare 7.1.4, 7.1.3 and 7.1.1 to address this issue. The advisory can be found at:

<ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21/SCOSA-2005.21.txt>


SGI - Affected

Notified: March 28, 2005 Updated: April 27, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

SGI has released Patch 10159 - SGI Advanced Linux Environment 3 Security Update #33. For more information see:

<ftp://patches.sgi.com/support/free/security/advisories/20050401-01-U.asc>

SGI has released Patch 5892 for IRIX. For more information see:

<ftp://patches.sgi.com/support/free/security/advisories/20050405-01-P.asc>


Sun Microsystems Inc. - Affected

Notified: March 28, 2005 Updated: April 14, 2005

Status

Affected

Vendor Statement

Sun is impacted by the telnet(1) vulnerabilities described in CERT Vulnerability Notes VU#291924 and VU#341908. Sun has published two Sun Alerts for these issues which describe the impact, contributing factors, workaround options, and resolution details.

Sun Alert 57755 which is available here:

<http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1>

is for the telnet client shipped with Solaris. The second Sun Alert, 57761, is for the Kerberized telnet shipped with the SEAM product and is available here:

<http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1>

The SEAM Sun Alert is currently unresolved but will be updated with patch details as soon as they are available.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.


Microsoft Corporation - Not Affected

Notified: March 28, 2005 Updated: April 01, 2005

Status

Not Affected

Vendor Statement

We have investigated these reports and have determined that there are no Microsoft platforms affected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.


The following vendors have status Unknown. Each was notified on March 28, 2005, and each entry was last updated on March 30, 2005. For each of them: we have not received a statement from the vendor, the vendor has not provided us with any further information regarding this vulnerability, and US-CERT has no additional comments at this time.

Cray Inc.
EMC Corporation
Engarde
Fujitsu
Hewlett-Packard Company
Hitachi
IBM
IBM eServer
IBM zSeries
Immunix
Ingrian Networks
Juniper Networks
MontaVista Software
NEC Corporation
NetBSD
Nokia
Novell
SCO Linux
Sequent
Sony Corporation
SuSE Inc.
TurboLinux
Unisys
WRS



Acknowledgements

Thanks to iDEFENSE Labs for reporting this vulnerability.

This document was written by Robert Mead and Jason Rafail, and is based on information in iDefense’s advisory.

Other Information

CVE IDs: CVE-2005-0468
Severity Metric: 29.95
Date Public:
