NetBSD telnetd Static Local Variable Overflow

2005-10-31T00:00:00
ID OSVDB:20726
Type osvdb
Reporter OSVDB
Modified 2005-10-31T00:00:00

Description

Vulnerability Description

NetBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when telnetd utilizes static variables, allowing a malicious user to cause a buffer overflow and change the flow of execution. This flaw may lead to a loss of integrity.

Solution Description

Upgrade to version 2.0.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

NetBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when telnetd utilizes static variables, allowing a malicious user to cause a buffer overflow and change the flow of execution. This flaw may lead to a loss of integrity.

References:

Vendor URL: http://www.netbsd.org/ Vendor Specific Advisory URL Security Tracker: 1015132 Related OSVDB ID: 20725 Related OSVDB ID: 20728 Related OSVDB ID: 20731 Related OSVDB ID: 20727 Related OSVDB ID: 20729 Related OSVDB ID: 20730 Other Advisory URL: http://www.uniras.gov.uk/niscc/docs/br-20051101-00969.html?lang=en