Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN101-1 : netkit-telnet vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
netkit-telnet vulnerabilities

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- telnet
- telnetd

Description :

A buffer overflow was discovered in the telnet client's handling of
the LINEMODE suboptions. By sending a specially constructed reply
containing a large number of SLC (Set Local Character) commands, a
remote attacker (i. e. a malicious telnet server) could execute
arbitrary commands with the rights of the user running the telnet
client. (CVE-2005-0469)

Michal Zalewski discovered a Denial of Service vulnerability in the
telnet server (telnetd). A remote attacker could cause the telnetd
process to free an invalid pointer, which caused the server process to
crash, leading to a denial of service (inetd will disable the service
if telnetd crashed repeatedly), or possibly the execution of arbitrary
code with the rights of the telnetd process (by default,
the 'telnetd' user). Please note that the telnet server is not
officially supported by Ubuntu, it is in the "universe"
component. (CVE-2004-0911)

Solution :

Upgrade to :
- telnet-0.17-24ubuntu0.1 (Ubuntu 4.10)
- telnetd-0.17-24ubuntu0.1 (Ubuntu 4.10)

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.