BSD Based telnetd telrcv Function Remote Command Execution

This script is Copyright (C) 2001-2011 Pavel Kankovsky


Synopsis :

The remote telnet server may be vulnerable to a buffer overflow
attack.

Description :

The Telnet server does not return an expected number of replies when
it receives a long sequence of 'Are You There' commands. This
probably means it overflows one of its internal buffers and crashes.
This could likely lead to arbitrary code execution.

Solution :

Disable the telnet service by, for example, commenting out the
'telnet' line in /etc/inetd.conf.
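
The solution above, as an added example that is not part of the original plugin: a shell helper that lists the enabled telnet entries in an inetd.conf-style file and writes a copy with them commented out. The function names and sample configuration are constructed, and the optional "address:" prefix on the service field is an assumption covering inetd variants that accept one.

```shell
#!/bin/sh
# Added example (not from the plugin): audit and disable telnet entries
# in an inetd.conf-style file.

# awk rule that extracts the service name from the first field.
# Assumption: some inetd variants allow "address:service", so the text
# after the last ":" is used. Commented lines start with "#" and blank
# lines have no first field, so neither can yield "telnet".
SVC='{ n = split($1, f, ":"); svc = f[n] }'

# List enabled telnet entries as "lineno: line".
telnet_active_lines() {
    awk "$SVC"' svc == "telnet" { print NR ": " $0 }' "$1"
}

# Write the file to stdout with each enabled telnet entry commented out.
# All other lines, including existing comments, pass through unchanged.
telnet_disable() {
    awk "$SVC"' svc == "telnet" { print "#" $0; next } { print }' "$1"
}

# Constructed sample configuration for trying the functions offline.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
#telnet stream  tcp6    nowait  root    /usr/libexec/telnetd    telnetd
  telnet stream tcp6    nowait  root    /usr/libexec/telnetd    telnetd
EOF
}
```

Review the output of telnet_disable before installing it in place of the live file; inetd re-reads its configuration on SIGHUP, so the service keeps being offered until it is signalled or restarted.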

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 10709

Bugtraq ID: 3064

CVE ID: CVE-2001-0554