xtell 2.6.1 User Status Remote Information Disclosure Vulnerability

01 Jul 2014 00:00:00 | Reported by Root | Type: seebug | www.seebug.org


source: http://www.securityfocus.com/bid/4196/info

xtell is a simple network messaging program. It may be used to transmit terminal messages between users and machines. xtell is available for Linux, BSD and most other Unix-based operating systems.

An information disclosure vulnerability has been reported in some versions of xtell. When a message is sent to a user, the response generated by xtell states whether that user is currently logged on to the system. An attacker may be able to use this information to aid in additional attacks, or in social engineering attempts.

It is possible to send a maliciously formatted message to xtell such that this information is disclosed, yet no message is displayed or logged. This may allow the attack to go undetected.

Earlier versions of xtell may share this vulnerability. This has not been confirmed. 

echo :USER::`perl -e 'print "A" x 2000'`| nc victimhost 4224 
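
Because the request above is neither displayed nor logged by xtell, detection has to happen on the network. The following is an added example, not part of the original advisory or of xtell: it flags oversized fields and per-source probing of multiple user names in captured TCP/4224 payloads. The colon-delimited layout and the user-name position are inferred from the sample request only; the thresholds and sample records are constructed.

```python
from collections import defaultdict

XTELL_PORT = 4224      # port used in the advisory's sample request
MAX_FIELD_LEN = 256    # assumed threshold; tune to local traffic
ENUM_THRESHOLD = 3     # assumed: distinct user names probed per source

def parse_fields(payload: bytes):
    """Split a request on ':' (framing inferred from the sample request only)."""
    return payload.rstrip(b"\r\n").split(b":")

def analyze(records):
    """records: iterable of (src_ip, dst_port, payload). Returns a list of alerts."""
    alerts = []
    users_by_src = defaultdict(set)
    for src, port, payload in records:
        if port != XTELL_PORT:
            continue
        fields = parse_fields(payload)
        longest = max(len(f) for f in fields)
        if longest > MAX_FIELD_LEN:
            alerts.append((src, "oversized-field", longest))
        # Assumption: the second field is the target user name (":USER::...")
        if len(fields) > 1 and fields[1]:
            users_by_src[src].add(fields[1])
    # One source asking about many users suggests login-status enumeration
    for src, users in sorted(users_by_src.items()):
        if len(users) >= ENUM_THRESHOLD:
            alerts.append((src, "user-status-enumeration", len(users)))
    return alerts

# Constructed sample records (documentation IP ranges, invented user names)
SAMPLE = [
    ("192.0.2.10", 4224, b":alice::" + b"A" * 2000 + b"\n"),
    ("192.0.2.10", 4224, b":bob::" + b"A" * 2000 + b"\n"),
    ("192.0.2.10", 4224, b":carol::" + b"A" * 2000 + b"\n"),
    ("198.51.100.7", 4224, b":alice::lunch at noon?\n"),
    ("198.51.100.7", 22, b"SSH-2.0-OpenSSH_9.6\n"),
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```
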
                              
