netkit telnetd nextitem vulnerability

2020-03-24T00:00:00
ID SAINT:77CF9A4D5DB45BB85B8A2BA7540430A8
Type saint
Reporter SAINT Corporation
Modified 2020-03-24T00:00:00

Description

Added: 03/24/2020

Background

netkit telnetd is a server implementation of the Telnet protocol which comes with many Linux and Unix operating systems.

Problem

An unbounded read and write condition in the **nextitem** function allows remote attackers to execute arbitrary commands on the server.

Resolution

Apply a fix from the operating system vendor when available or disable the Telnet service.

References

<https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html>

Limitations

Exploit works on Fedora 31 netkit-telnet-0.17 with SELinux disabled.

Platforms

Linux