netkit-telnetd: Buffer overflow — GLSA 200503-36

The netkit-telnetd telnet client is vulnerable to a buffer overflow, which could allow a malicious telnet server operator to execute arbitrary code.

Affected Packages

net-misc/netkit-telnetd on all architectures
Affected versions < 0.17-r6
Unaffected versions >= 0.17-r6

Background

netkit-telnetd provides standard Linux telnet client and server.

Description

A buffer overflow has been identified in the slc_add_reply() function of netkit-telnetd client, where a large number of SLC commands can overflow a fixed size buffer.

Impact

Successful explotation would require a vulnerable user to connect to an attacker-controlled host using telnet, potentially executing arbitrary code with the permissions of the telnet user.

Workaround

There is no known workaround at this time.

Resolution

All netkit-telnetd users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/netkit-telnetd-0.17-r6"

References

Release Date
March 31, 2005

Latest Revision
March 31, 2005: 01

Severity
normal

Exploitable
remote

Bugzilla entries