MNBSD-2023-0: Buffer overflow in telnetd allows remote code execution

Severity: Unknown

Affected Package: telnetd

Summary: Buffer overflow in telnetd allows remote code execution

Description

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

Affected Versions

telnetd

Specific versions:

0.1.0
0.1.1
0.2.0
0.2.1
0.3.0
0.4.0
0.5.0
0.6.0
0.7.0
0.8.0
0.9.0
1.0.0
1.1.0
1.2.0
2.0.0
2.0.1
2.0.2
2.1.0
2.1.1
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
3.0.0

Recommendations

No specific recommendations provided.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-10188
https://github.com/krb5/krb5-appl/blob/d00cd671dfe945791b33d4f1f6a5c57ae1667ef8/telnet/telnetd/utility.c#L205-L216
https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
https://github.com/MidnightBSD/src/commit/db4d8bca9d3c1922a921d0ec5036a28b25332433

Additional Information

Aliases: CVE-2020-10188

Published: April 03, 2023
Last Modified: April 03, 2023