Описание
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
A vulnerability was found where incorrect bounds checks in the telnet server’s (telnetd) handling of short writes and urgent data, could lead to information disclosure and corruption of heap data. An unauthenticated remote attacker could exploit these bugs by sending specially crafted telnet packets to achieve arbitrary code execution in the telnet server.
Отчет
This vulnerability exists in the telnet-server package, not in the telnet client-side package. For a Red Hat Enterprise Linux host to be vulnerable, it must have telnet-server installed and the telnetd service enabled. Use of telnetd is not recommended, as it is an un-encrypted protocol with cleartext transmission of passwords; alternatives such as openssh are preferred.
Меры по смягчению последствий
When in enforcing mode, SELinux as configured in Red Hat Enterprise Linux provides some mitigation against an exploit for telnet-server, because it limits the kind of operations it can perform and programs that can be run from the telnet-server's context.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | telnet | Out of support scope | ||
| Red Hat Enterprise Linux 6 | telnet | Fixed | RHSA-2020:1335 | 06.04.2020 |
| Red Hat Enterprise Linux 6 | krb5-appl | Fixed | RHSA-2020:1349 | 07.04.2020 |
| Red Hat Enterprise Linux 7 | telnet | Fixed | RHSA-2020:1334 | 06.04.2020 |
| Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118) | telnet | Fixed | RHSA-2022:0011 | 04.01.2022 |
| Red Hat Enterprise Linux 7.6 Telco Extended Update Support | telnet | Fixed | RHSA-2022:0011 | 04.01.2022 |
| Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions | telnet | Fixed | RHSA-2022:0011 | 04.01.2022 |
| Red Hat Enterprise Linux 7.7 Advanced Update Support | telnet | Fixed | RHSA-2022:0158 | 18.01.2022 |
| Red Hat Enterprise Linux 7.7 Telco Extended Update Support | telnet | Fixed | RHSA-2022:0158 | 18.01.2022 |
| Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions | telnet | Fixed | RHSA-2022:0158 | 18.01.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
utility.c in telnetd in netkit telnet through 0.17 allows remote attac ...
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
EPSS
9.8 Critical
CVSS3