278 matches found
CVE-2021-40491
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl...
PT-2021-22897 · Gnu +2 · Gnu Inetutils +2
Name of the Vulnerable Software and Affected Versions: GNU Inetutils versions prior to 2.2 Description: The issue concerns the ftp client in GNU Inetutils, which fails to validate addresses returned by PASV/LSPV responses, ensuring they match the server address. Recommendations: For GNU Inetutils...
CVE-2021-40491
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl...
GNU Inetutils数据伪造问题漏洞
GNU Inetutils is a common set of network programs in the GNU community. A security vulnerability exists in versions of GNU Inetutils prior to 2.2, which stems from a client not validating the addresses returned in a PASV/LSPV response to ensure that they match the server address...
CVE-2021-40491
CVE-2021-40491 affects GNU Inetutils before 2.2, where the FTP client does not validate addresses returned in PASV/LSPV responses against the server address, enabling potential address mismatch exploitation. The connected documents corroborate a related PASV-based risk in curl (CVE-2020-8284) and...
USN-5048-2: Inetutils vulnerability
USN-5048-1 fixed a vulnerability in Inetutils for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding fixes for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Inetutils telnet server allows remote attackers to execute arbitrary code via short writes ...
USN-5048-2 inetutils vulnerability
USN-5048-1 fixed a vulnerability in Inetutils for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding fixes for Ubuntu 16.04 ESM. Original advisory details: It was discovered that Inetutils telnet server allows remote attackers to execute arbitrary code via short writes ...
Ubuntu 18.04 LTS / 20.04 LTS : Inetutils vulnerability (USN-5048-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5048-1 advisory. It was discovered that Inetutils telnet server allows remote attackers to execute arbitrary code via short writes or urgent data. An attacker could us...
USN-5048-1 inetutils vulnerability
It was discovered that Inetutils telnet server allows remote attackers to execute arbitrary code via short writes or urgent data. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code...
USN-5048-1: Inetutils vulnerability
It was discovered that Inetutils telnet server allows remote attackers to execute arbitrary code via short writes or urgent data. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code...
[ASA-202106-20] inetutils: arbitrary code execution
Arch Linux Security Advisory ASA-202106-20 ========================================== Severity: High Date : 2021-06-09 CVE-ID : CVE-2019-0053 CVE-2020-10188 Package : inetutils Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1003 Summary ======= The package...
Debian DLA-2341-1 : inetutils security update
In inetutils-telnetd, an implementation of a telnet daemon, arbitrary remote code execution might have been possible via short writes or urgent data. For Debian 9 stretch, this problem has been fixed in version 2:1.9.4-2+deb9u1. We recommend that you upgrade your inetutils-telnetd packages. For t...
Debian: Security Advisory (DLA-2341-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2341-1] inetutils security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2341-1 [email protected] https://www.debian.org/lts/security/ August 24, 2020 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package...
DLA-2341-1 inetutils - security update
Bulletin has no description...
Debian: Security Advisory (DLA-2176-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2176-1] inetutils security update
Package : inetutils Version : 2:1.9.2.39.3a460-3+deb8u1 CVE ID : CVE-2020-10188 Debian Bug : 956084 NOTE: This DLA was intially sent on 2020-04-14 but for reasons unknown failed to reach the mailing list. It is being re-sent now to ensure that it appears in the mailing list archive. No new versio...
GNU inetutils < 1.9.4 - (telnet.c) Multiple Overflows Exploit
GNU inetutils = 1.9.4 telnet.c multiple overflows ================================================== GNU inetutils is vulnerable to a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. Most modern...
Mikrotik RouterOS Telnet Arbitrary Root File Creation Vulnerability
An exploitable arbitrary file creation weakness has been identified in Mikrotik RouterOS that can be leveraged by a malicious attacker to exploit all known versions of Mikrotik RouterOS. The RouterOS contains a telnet client based on GNU inetutils with modifications to remove shell subsystem...
Mikrotik RouterOS Telnet Arbitrary Root File Creation
Mikrotik RouterOS telnet arbitrary root file creation 0day ========================================================== This weakness occurs "post-authentication" and can be used to escape the restricted shell on Mikrotik devices and escalate "readonly" privileges. Mikrotik contains a hidden "devel...