BSD Based telnetd telrcv Function Remote Command Execution
Critical Nessus Plugin ID 10709
Synopsis: The remote telnet server may be vulnerable to a buffer overflow attack.
Description: The Telnet server does not return an expected number of replies when it receives a long sequence of 'Are You There' commands. This probably means it overflows one of its internal buffers and crashes. This could likely lead to arbitrary code execution.
Solution: Disable the telnet service by, for example, commenting out the 'telnet' line in /etc/inetd.conf.
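One way to apply and verify the solution above, as an added example that is not part of the original plugin text. The function names and the sample inetd.conf contents (including the daemon paths) are constructed for illustration; on a real host, point the functions at /etc/inetd.conf.

```shell
#!/bin/sh
# Added example: audit and disable the telnet entry in an inetd.conf-style file.
# Function names and the sample file contents are constructed, not vendor code.

# Matches an active (uncommented) entry whose service-name field is "telnet".
TELNET_RE='^[[:space:]]*telnet[[:space:]]'

# telnet_enabled FILE -> exit status 0 if an active telnet line exists.
telnet_enabled() {
    grep -Eq "$TELNET_RE" "$1"
}

# disable_telnet FILE -> comment out every active telnet line, keep FILE.bak.
disable_telnet() {
    file=$1
    telnet_enabled "$file" || return 0      # nothing to do: stay idempotent
    cp -p "$file" "$file.bak" || return 1   # backup before touching the file
    tmp=$(mktemp "$file.XXXXXX") || return 1
    # Prefix only active telnet lines with '#'; all other lines are untouched.
    # Writing back with cat keeps the original inode, owner and mode.
    sed -E "s/$TELNET_RE/#&/" "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# write_sample_inetd_conf FILE -> constructed sample with IPv4 and IPv6
# telnet entries, an unrelated service, and an already-commented line.
write_sample_inetd_conf() {
    cat > "$1" <<'EOF'
ftp     stream  tcp   nowait  root  /usr/libexec/ftpd     ftpd -l
telnet  stream  tcp   nowait  root  /usr/libexec/telnetd  telnetd
telnet  stream  tcp6  nowait  root  /usr/libexec/telnetd  telnetd
#telnets stream tcp   nowait  root  /usr/libexec/telnetd  telnetd
EOF
}
```

inetd applies the change only after it re-reads its configuration, which it does on SIGHUP; re-running the scan afterwards confirms the service is no longer reachable.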