Ubuntu Security Notice (C) 2005-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
A buffer overflow was discovered in the telnet client's handling of
the LINEMODE suboptions. By sending a specially constructed reply
containing a large number of SLC (Set Local Character) commands, a
remote attacker (i. e. a malicious telnet server) could execute
arbitrary commands with the privileges of the user running the telnet
Michal Zalewski discovered a Denial of Service vulnerability in the
telnet server (telnetd). A remote attacker could cause the telnetd
process to free an invalid pointer, which caused the server process to
crash, leading to a denial of service (inetd will disable the service
if telnetd crashed repeatedly), or possibly the execution of arbitrary
code with the privileges of the telnetd process (by default, the
'telnetd' user). Please note that the telnet server is not officially
supported by Ubuntu, it is in the 'universe' component.
Update the affected telnet and / or telnetd packages.
Risk factor :
High / CVSS Base Score : 7.5
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 20487 ()
CVE ID: CVE-2004-0911CVE-2005-0469
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.