RHEL 2.1 / 3 / 4 : telnet (RHSA-2005:327)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated telnet packages that fix two buffer overflow vulnerabilities
are now available.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The telnet package provides a command line telnet client. The
telnet-server package includes a telnet daemon, telnetd, that supports
remote login to the host machine.

Two buffer overflow flaws were discovered in the way the telnet client
handles messages from a server. An attacker may be able to execute
arbitrary code on a victim's machine if the victim can be tricked into
connecting to a malicious telnet server. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the names
CVE-2005-0468 and CVE-2005-0469 to these issues.

Additionally, the following bugs have been fixed in these erratum
packages for Red Hat Enterprise Linux 2.1 and Red Hat Enterprise Linux
3 :

- telnetd could loop on an error in the child side process

- There was a race condition in telnetd on a wtmp lock on
some occasions

- The command line in the process table was sometimes too
long and caused bad output from the ps command

- The 8-bit binary option was not working

Users of telnet should upgrade to this updated package, which contains
backported patches to correct these issues.

Red Hat would like to thank iDEFENSE for their responsible disclosure
of this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2005-0468.html
https://www.redhat.com/security/data/cve/CVE-2005-0469.html
http://www.nessus.org/u?69f65c02
http://www.nessus.org/u?0f2f4fd7
http://rhn.redhat.com/errata/RHSA-2005-327.html

Solution :

Update the affected telnet and / or telnet-server packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 17645 ()

Bugtraq ID:

CVE ID: CVE-2005-0468
CVE-2005-0469