From: Matt London (matt knm.yi.org)
Date: Thu Jul 19 2001 - 13:35:26 CDT
Hi,
I came across this at http://www.team-teso.net/ today, and I don't see
any posts about it in the archive so far...
---[cut]---
Within most of the current telnet daemons in use today there exists a buffer
overflow in the telnet option handling. Under certain circumstances it may
be possible to exploit it to gain root privileges remotely.
Systems Affected
===================
System                                  | vulnerable   | exploitable *
----------------------------------------+--------------+------------------
BSDI 4.x default                        | yes          | yes
FreeBSD [2345].x default                | yes          | yes
IRIX 6.5                                | yes          | no
Linux netkit-telnetd < 0.14             | yes          | ?
Linux netkit-telnetd >= 0.14            | no           |
NetBSD 1.x default                      | yes          | yes
OpenBSD 2.x                             | yes          | ?
OpenBSD current                         | no           |
Solaris 2.x sparc                       | yes          | ?
<almost any other vendor's telnetd>     | yes          | ?
----------------------------------------+--------------+------------------
Impact
===================
Through sending a specially formed option string to the remote telnet
daemon a remote attacker might be able to overwrite sensitive information
on the static memory pages. If done properly this may result in arbitrary
code getting executed on the remote machine under the privileges the
telnet daemon runs on, usually root.
---[cut]---
You can read the rest at the url above.
Just thought I'd mention it as no one else seems to have :&)
-- Matt
--- E-mail: mattpkl.net, matt knm.yi.org, matt printf.net, matt m-techdiagnostics.ltd.uk, matthew.london stud.umist.ac.uk, mattl vcd.student.utwente.nl, mlondon mail.talk-101.com
Web Page: http://knm.yi.org/ http://pkl.net/~matt/
PGP Key fingerprint = 00BF 19FE D5F5 8EAD 2FD5 D102 260E 8BA7 EEE4 8D7F
PGP Key http://knm.yi.org/matt-pgp.html