10 - DSA-070

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	netkit-telnet AYT buffer overflow

Informations
Name	DSA-070	First vendor Publication	2001-08-10
Vendor	Debian	Last vendor Modification	2001-08-10
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The telnet daemon contained in the netkit-telnet_0.16-4potato1 package in the 'stable' (potato) distribution of Debian GNU/Linux is vulnerable to an exploitable overflow in its output handling. The original bug was found by , and announced to bugtraq on Jul 18 2001. At that time, netkit-telnet versions after 0.14 were not believed to be vulnerable. On Aug 10 2001, zen-parse posted an advisory based on the same problem, for all netkit-telnet versions below 0.17. More details can be found on http://www.securityfocus.com/archive/1/203000 . As Debian uses the 'telnetd' user to run in.telnetd, this is not a remote root compromise on Debian systems; the 'telnetd' user can be compromised.

We strongly advise you update your netkit-telnet packages to the versions listed below.

wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

Debian GNU/Linux 2.2 alias potato

Original Source

Url : http://www.debian.org/security/2001/dsa-070

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1828

Oval ID:	oval:org.mitre.oval:def:1828
Title:	Buffer Overflow in "in.telnetd"or "telnetd"Process
Description:	Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2001-0554	Version:	1
Platform(s):	Sun Solaris 7 Sun Solaris 8	Product(s):
Definition Synopsis:
Solaris 8 (SPARC) Solaris 8 Installed AND sparc architecture AND System is unpatched SEAM and patch 110060-10 Solaris Enterprise Authentication Mechanism (ANY SUNWkr5sl/SUNWkr5sv/SUNWkrgdo/SUNWkrggl) Sun Enterprise Authentication Mechanism (SEAM, SUNWkr5sv) installed AND Sun Enterprise Authentication Mechanism (SEAM, SUNWkr5sl) installed AND Sun Enterprise Authentication Mechanism (SEAM, SUNWkrgdo) installed AND Sun Enterprise Authentication Mechanism (SEAM, SUNWkrggl) installed AND NOT Patch 110060-10 or later installed AND NOT Patch 110668-03 or later installed OR Solaris 8 (x86) Solaris 8 Installed AND ix86 architecture AND System is unpatched SEAM and patch 110061-10 Solaris Enterprise Authentication Mechanism (ANY SUNWkr5sl/SUNWkr5sv/SUNWkrgdo/SUNWkrggl) Sun Enterprise Authentication Mechanism (SEAM, SUNWkr5sv) installed AND Sun Enterprise Authentication Mechanism (SEAM, SUNWkr5sl) installed AND Sun Enterprise Authentication Mechanism (SEAM, SUNWkrgdo) installed AND Sun Enterprise Authentication Mechanism (SEAM, SUNWkrggl) installed AND NOT Patch 110061-10 or later installed AND NOT Patch 110669-03 or later installed OR Solaris 7 (SPARC) Solaris 7 Installed AND sparc architecture AND System is unpatched SEAM and patch 110057-04 Solaris Enterprise Authentication Mechanism (ANY SUNWkr5sl/SUNWkr5sv/SUNWkrgdo/SUNWkrggl) Sun Enterprise Authentication Mechanism (SEAM, SUNWkr5sv) installed AND Sun Enterprise Authentication Mechanism (SEAM, SUNWkr5sl) installed AND Sun Enterprise Authentication Mechanism (SEAM, SUNWkrgdo) installed AND Sun Enterprise Authentication Mechanism (SEAM, SUNWkrggl) installed AND NOT Patch 110057-04 or later installed AND NOT Patch 107475-04 or later installed OR Solaris 7 (x86) Solaris 7 Installed AND ix86 architecture AND System is unpatched SEAM and patch 110058-04 Solaris Enterprise Authentication Mechanism (ANY SUNWkr5sl/SUNWkr5sv/SUNWkrgdo/SUNWkrggl) Sun Enterprise Authentication Mechanism (SEAM, SUNWkr5sv) installed AND Sun Enterprise Authentication Mechanism (SEAM, SUNWkr5sl) installed AND Sun Enterprise Authentication Mechanism (SEAM, SUNWkrgdo) installed AND Sun Enterprise Authentication Mechanism (SEAM, SUNWkrggl) installed AND NOT Patch 110058-04 or later installed AND NOT Patch 107476-04 or later installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mit Kerberos cpe:2.3:a:mit:kerberos:1.0:::::::*	1
Application	Mit Kerberos 5 cpe:2.3:a:mit:kerberos_5:1.2.2:::::::* cpe:2.3:a:mit:kerberos_5:1.2.1:::::::* cpe:2.3:a:mit:kerberos_5:1.2:-:::::: cpe:2.3:a:mit:kerberos_5:1.1.1:::::::* cpe:2.3:a:mit:kerberos_5:1.1:::::::*	5
Application	Netkit Linux Netkit cpe:2.3:a:netkit:linux_netkit:0.12:::::::* cpe:2.3:a:netkit:linux_netkit:0.11:::::::* cpe:2.3:a:netkit:linux_netkit:0.10:::::::*	3
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:2.2:::::::*	1
Os	Freebsd cpe:2.3:o:freebsd:freebsd:4.3:-:::::: cpe:2.3:o:freebsd:freebsd:4.2:::::::* cpe:2.3:o:freebsd:freebsd:4.1.1:::::::* cpe:2.3:o:freebsd:freebsd:4.1:::::::* cpe:2.3:o:freebsd:freebsd:4.0:alpha:::::: cpe:2.3:o:freebsd:freebsd:4.0:::::::* cpe:2.3:o:freebsd:freebsd:4.0:releng:::::: cpe:2.3:o:freebsd:freebsd:3.5.1:release:::::: cpe:2.3:o:freebsd:freebsd:3.5.1:::::::* cpe:2.3:o:freebsd:freebsd:3.5.1:stable:::::: cpe:2.3:o:freebsd:freebsd:3.5:::::::* cpe:2.3:o:freebsd:freebsd:3.5:stable:::::: cpe:2.3:o:freebsd:freebsd:3.4:::::::* cpe:2.3:o:freebsd:freebsd:3.3:-:::::: cpe:2.3:o:freebsd:freebsd:3.2:::::::* cpe:2.3:o:freebsd:freebsd:3.1:::::::* cpe:2.3:o:freebsd:freebsd:3.0:::::::* cpe:2.3:o:freebsd:freebsd:3.0:releng:::::: cpe:2.3:o:freebsd:freebsd:2.2.8:::::::* cpe:2.3:o:freebsd:freebsd:2.2.7:::::::* cpe:2.3:o:freebsd:freebsd:2.2.6:::::::* cpe:2.3:o:freebsd:freebsd:2.2.5:::::::* cpe:2.3:o:freebsd:freebsd:2.2.4:::::::* cpe:2.3:o:freebsd:freebsd:2.2.3:::::::* cpe:2.3:o:freebsd:freebsd:2.2.2:::::::* cpe:2.3:o:freebsd:freebsd:2.2.1:::::::* cpe:2.3:o:freebsd:freebsd:2.2:::::::* cpe:2.3:o:freebsd:freebsd:2.2:current:::::: cpe:2.3:o:freebsd:freebsd:2.1.7.1:::::::* cpe:2.3:o:freebsd:freebsd:2.1.7:::::::* cpe:2.3:o:freebsd:freebsd:2.1.6.1:::::::* cpe:2.3:o:freebsd:freebsd:2.1.6:::::::* cpe:2.3:o:freebsd:freebsd:2.1.5:::::::* cpe:2.3:o:freebsd:freebsd:2.1.0:::::::* cpe:2.3:o:freebsd:freebsd:2.1:stable:::::: cpe:2.3:o:freebsd:freebsd:2.0.5:::::::* cpe:2.3:o:freebsd:freebsd:2.0.1:::::::* cpe:2.3:o:freebsd:freebsd:2.0:::::::*	38
Os	Ibm Aix cpe:2.3:o:ibm:aix:5.1:::::::* cpe:2.3:o:ibm:aix:4.3.3:::::::* cpe:2.3:o:ibm:aix:4.3.2:::::::* cpe:2.3:o:ibm:aix:4.3.1:::::::* cpe:2.3:o:ibm:aix:4.3:::::::*	5
Os	Netbsd cpe:2.3:o:netbsd:netbsd:1.5.1:::::::* cpe:2.3:o:netbsd:netbsd:1.5:::::::* cpe:2.3:o:netbsd:netbsd:1.4.3:::::::* cpe:2.3:o:netbsd:netbsd:1.4.2:::::::* cpe:2.3:o:netbsd:netbsd:1.4.1:::::::* cpe:2.3:o:netbsd:netbsd:1.4:::::::* cpe:2.3:o:netbsd:netbsd:1.3.3:::::::* cpe:2.3:o:netbsd:netbsd:1.3.2:::::::* cpe:2.3:o:netbsd:netbsd:1.3.1:::::::* cpe:2.3:o:netbsd:netbsd:1.3:::::::* cpe:2.3:o:netbsd:netbsd:1.2.1:::::::* cpe:2.3:o:netbsd:netbsd:1.2:::::::* cpe:2.3:o:netbsd:netbsd:1.1:::::::* cpe:2.3:o:netbsd:netbsd:1.0:::::::*	14
Os	Openbsd cpe:2.3:o:openbsd:openbsd:2.8:::::::* cpe:2.3:o:openbsd:openbsd:2.7:::::::* cpe:2.3:o:openbsd:openbsd:2.6:::::::* cpe:2.3:o:openbsd:openbsd:2.5:::::::* cpe:2.3:o:openbsd:openbsd:2.4:::::::* cpe:2.3:o:openbsd:openbsd:2.3:::::::* cpe:2.3:o:openbsd:openbsd:2.2:::::::* cpe:2.3:o:openbsd:openbsd:2.1:::::::* cpe:2.3:o:openbsd:openbsd:2.0:::::::*	9
Os	Sgi Irix cpe:2.3:o:sgi:irix:6.5:::::::*	1
Os	Sun Sunos cpe:2.3:o:sun:sunos:5.8:::::::* cpe:2.3:o:sun:sunos:5.7:::::::* cpe:2.3:o:sun:sunos:5.6:::::::* cpe:2.3:o:sun:sunos:5.5.1:::::::* cpe:2.3:o:sun:sunos:5.5:::::::* cpe:2.3:o:sun:sunos:5.4:::::::* cpe:2.3:o:sun:sunos:5.3:::::::* cpe:2.3:o:sun:sunos:5.2:::::::* cpe:2.3:o:sun:sunos:5.1:::::::* cpe:2.3:o:sun:sunos:5.0:::::::*	10

OpenVAS Exploits

Date	Description
2008-09-24	Name : Gentoo Security Advisory GLSA 200410-03 (netkit-telnetd) File : nvt/glsa_200410_03.nasl
2008-01-17	Name : Debian Security Advisory DSA 070-1 (netkit-telnet) File : nvt/deb_070_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 075-1 (netkit-telnet-ssl) File : nvt/deb_075_1.nasl
2005-11-03	Name : TESO in.telnetd buffer overflow File : nvt/teso_telnet.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
809	Multiple BSD Telnet telrcv Functin Remote Command Execution A remote overflow exists in multiple BSD-based telnet daemons. The 'telrcv' function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Snort® IPS/IDS

Date	Description
2014-01-10	bsd exploit client finishing RuleID : 1253-community - Revision : 24 - Type : PROTOCOL-TELNET
2014-01-10	bsd exploit client finishing RuleID : 1253 - Revision : 24 - Type : PROTOCOL-TELNET
2014-01-10	bsd telnet exploit response RuleID : 1252-community - Revision : 25 - Type : PROTOCOL-TELNET
2014-01-10	bsd telnet exploit response RuleID : 1252 - Revision : 25 - Type : PROTOCOL-TELNET

Nessus® Vulnerability Scanner

Date	Description
2004-10-06	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200410-03.nasl - Type : ACT_GATHER_INFO
2004-09-29	Name : The remote Debian host is missing a security-related update. File : debian_DSA-070.nasl - Type : ACT_GATHER_INFO
2004-09-29	Name : The remote Debian host is missing a security-related update. File : debian_DSA-075.nasl - Type : ACT_GATHER_INFO
2004-07-31	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2001-068.nasl - Type : ACT_GATHER_INFO
2004-07-31	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2001-093.nasl - Type : ACT_GATHER_INFO
2002-06-05	Name : The remote device is missing a vendor-supplied security patch. File : CSCdw19195.nasl - Type : ACT_GATHER_INFO
2001-07-24	Name : The remote telnet server may be vulnerable to a buffer overflow attack. File : teso_telnet.nasl - Type : ACT_DESTRUCTIVE_ATTACK

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:25:27	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	87
osvdb(s)	1
Openvas Exploit(s)	4
Snort® Rule(s)	4
Nessus® Exploit(s)	7

	Related
10	CVE-2001-0554
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)