netkit-telnetd AYT Command Memory Handling Overflow

2004-10-06T03:48:09
ID OSVDB:10531
Type osvdb
Reporter Michael Zalewski
Modified 2004-10-06T03:48:09

Description

Vulnerability Description

A remote overflow exists in netkit-telnetd. The telnet daemon has an error in its processing of AYT ("Are You There") commands that may cause an invalid pointer to be freed, resulting in a buffer overflow. With a specially crafted request, an attacker may cause a denial of service or potentially execute arbitrary code, resulting in a loss of integrity and/or availability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.


References:

Vendor Specific Advisory URL
Secunia Advisory ID:12741
Secunia Advisory ID:14750
Secunia Advisory ID:12608
Secunia Advisory ID:12864
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200410-03.xml
Other Advisory URL: http://www.debian.org/security/2004/dsa-556
Other Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-101-1
Mail List Post: http://www.securityfocus.com/archive/1/375743
ISS X-Force ID: 17540
CVE-2004-0911
CVE-2001-0554
Bugtraq ID: 11313