CVE-2001-0554

Description

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

Affected products

• Debian / debian_linux2.2 – 2.2
• FreeBSD / FreeBSD2.2 – 2.2
• FreeBSD / FreeBSD2.0 – 2.0
• FreeBSD / FreeBSD2.0.1 – 2.0.1
• FreeBSD / FreeBSD2.0.5 – 2.0.5
• FreeBSD / FreeBSD2.1 – 2.1
• FreeBSD / FreeBSD2.1.0 – 2.1.0
• FreeBSD / FreeBSD2.1.5 – 2.1.5
• FreeBSD / FreeBSD2.1.6 – 2.1.6
• FreeBSD / FreeBSD2.1.6.1 – 2.1.6.1
• FreeBSD / FreeBSD2.1.7 – 2.1.7
• FreeBSD / FreeBSD2.1.7.1 – 2.1.7.1
• FreeBSD / FreeBSD2.2 – 2.2
• FreeBSD / FreeBSD2.2.1 – 2.2.1
• FreeBSD / FreeBSD2.2.2 – 2.2.2
• FreeBSD / FreeBSD2.2.3 – 2.2.3
• FreeBSD / FreeBSD2.2.4 – 2.2.4
• FreeBSD / FreeBSD2.2.5 – 2.2.5
• FreeBSD / FreeBSD2.2.6 – 2.2.6
• FreeBSD / FreeBSD2.2.7 – 2.2.7
• FreeBSD / FreeBSD2.2.8 – 2.2.8
• FreeBSD / FreeBSD3.0 – 3.0
• FreeBSD / FreeBSD3.0 – 3.0
• FreeBSD / FreeBSD3.1 – 3.1
• FreeBSD / FreeBSD3.2 – 3.2
• FreeBSD / FreeBSD3.3 – 3.3
• FreeBSD / FreeBSD3.4 – 3.4
• FreeBSD / FreeBSD3.5 – 3.5
• FreeBSD / FreeBSD3.5 – 3.5
• FreeBSD / FreeBSD3.5.1 – 3.5.1
• FreeBSD / FreeBSD3.5.1 – 3.5.1
• FreeBSD / FreeBSD3.5.1 – 3.5.1
• FreeBSD / FreeBSD4.0 – 4.0
• FreeBSD / FreeBSD4.0 – 4.0
• FreeBSD / FreeBSD4.0 – 4.0
• FreeBSD / FreeBSD4.1 – 4.1
• FreeBSD / FreeBSD4.1.1 – 4.1.1
• FreeBSD / FreeBSD4.2 – 4.2
• FreeBSD / FreeBSD4.3 – 4.3
• ibm / aix4.3.1 – 4.3.1
• ibm / aix5.1 – 5.1
• ibm / aix4.3.3 – 4.3.3
• ibm / aix4.3.2 – 4.3.2
• ibm / aix4.3 – 4.3
• MIT / kerberos1.0 – 1.0
• MIT / Kerberos 51.1 – 1.1
• MIT / Kerberos 51.1.1 – 1.1.1
• MIT / Kerberos 51.2 – 1.2
• MIT / Kerberos 51.2.1 – 1.2.1
• MIT / Kerberos 51.2.2 – 1.2.2
• NetBSD / netbsd1.3.1 – 1.3.1
• NetBSD / netbsd1.5.1 – 1.5.1
• NetBSD / netbsd1.5 – 1.5
• NetBSD / netbsd1.4.3 – 1.4.3
• NetBSD / netbsd1.4.2 – 1.4.2
• NetBSD / netbsd1.4.1 – 1.4.1
• NetBSD / netbsd1.4 – 1.4
• NetBSD / netbsd1.3.3 – 1.3.3
• NetBSD / netbsd1.2.1 – 1.2.1
• NetBSD / netbsd1.3 – 1.3
• NetBSD / netbsd1.3.2 – 1.3.2
• NetBSD / netbsd1.0 – 1.0
• NetBSD / netbsd1.1 – 1.1
• NetBSD / netbsd1.2 – 1.2
• netkit / linux_netkit0.12 – 0.12
• netkit / linux_netkit0.11 – 0.11
• netkit / linux_netkit0.10 – 0.10
• OpenBSD / OpenBSD2.4 – 2.4
• OpenBSD / OpenBSD2.0 – 2.0
• OpenBSD / OpenBSD2.1 – 2.1
• OpenBSD / OpenBSD2.2 – 2.2
• OpenBSD / OpenBSD2.3 – 2.3
• OpenBSD / OpenBSD2.5 – 2.5
• OpenBSD / OpenBSD2.6 – 2.6
• OpenBSD / OpenBSD2.7 – 2.7
• OpenBSD / OpenBSD2.8 – 2.8
• sgi / irix6.5 – 6.5
• sun / solaris2.6 – 2.6
• sun / sunos5.8 – 5.8
• sun / sunos5.7 – 5.7
• sun / sunos5.5.1 – 5.5.1
• sun / sunos5.5 – 5.5
• sun / sunos5.4 – 5.4
• sun / sunos5.3 – 5.3
• sun / sunos5.0 – 5.0
• sun / sunos5.2 – 5.2
• sun / sunos5.1 – 5.1

References

• MISChttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000413
• MISChttp://www.linux-mandrake.com/en/security/2001/MDKSA-2001-068.php3
• MISChttp://www.ciac.org/ciac/bulletins/l-131.shtml
• MISChttp://ftp.support.compaq.com/patches/.new/html/SSRT0745U.shtml
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/6875
• MISChttp://www.osvdb.org/809
• VENDOR_ADVISORYhttp://online.securityfocus.com/advisories/3476
• MISChttp://online.securityfocus.com/archive/1/199496
• MISChttp://online.securityfocus.com/archive/1/203000
• MISChttp://www.securityfocus.com/bid/3064
• MISChttp://www.redhat.com/support/errata/RHSA-2001-100.html
• VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/2001_029_nkitb_txt.html
• MISCftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt
• MISChttp://www.redhat.com/support/errata/RHSA-2001-099.html
• VENDOR_ADVISORYhttp://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml
• MISChttp://archives.neohapsis.com/archives/hp/2001-q4/0014.html
• VENDOR_ADVISORYhttp://www.debian.org/security/2001/dsa-075
• MISChttp://www.securityfocus.com/archive/1/197804
• VENDOR_ADVISORYhttp://www.cert.org/advisories/CA-2001-21.html
• VENDOR_ADVISORYftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc
• VENDOR_ADVISORYhttp://www.calderasystems.com/support/security/advisories/CSSA-2001-030.0.txt
• VENDOR_ADVISORYhttp://www.debian.org/security/2001/dsa-070
• MISChttp://online.securityfocus.com/archive/1/199541
• VENDOR_ADVISORYftp://patches.sgi.com/support/free/security/advisories/20010801-01-P
• VENDOR_ADVISORYftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc