Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Unix Authors Rush to Patch Telnet Flaw



 By: Larry Seltzer
2005-03-31
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Buffer overflow in the Telnet protocol could yield control of Unix systems to an attacker.

Several high-profile distributors of the BSD version of the Telnet protocol have rolled out patches for a critical bug that could cause system-hijack attacks.

The bug, which was reported by iDefense Inc., is a remotely exploitable buffer overflow that could allow the execution of arbitrary code with user privileges.

A successful attacker would have to convince the user to launch a Telnet session with a malicious server. A malicious Web page could be designed that could launch the Telnet client on the users system by clicking a link, or, using the IFRAME tag, by loading the page.

Telnet is a protocol that supports virtual terminal sessions across IP networks including the Internet. The Telnet client program provides the interface for the terminal session to the user.

Click here to read about IBMs low-end Unix play.

The vulnerability exists in the main Telnet client program distributed by large numbers of vendors, including MITs Kerberos network authentication system. It is possible for data of a particular size and nature to overflow a fixed-size buffer.

Resource Library:

Advisories and patches have been issued by OpenBSD, MIT, Apple, FreeBSD and many Linux distributions through their inclusion of Kerberos.

Read more here about Unix-related warnings from iDefense.

iDefense states that it is unaware of any workarounds for the problem. While no active exploits are known, a simple proof of concept is available.

The following vendors have issued patches and workarounds:

  • Apple: http://docs.info.apple.com/article.html?artnum=61798

  • FreeBSD: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc

  • MIT (Kerberos): http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-001-telnet.txt

  • Red Hat: http://rhn.redhat.com/errata/RHSA-2005-330.html

  • Sun: http://sunsolve.sun.com

    Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



      Reader Comments: Unix Authors Rush to Patch Telnet Flaw
    >>> Be the FIRST to comment on this article!
     

     
     
    >>> More Network Security & Hardware Articles          >>> More By Larry Seltzer
     


    • x}r6*(w=(RGJɖ<֎ey-x'uT I)KR(ϩo7~郖d{N&-`n4wAȕ=!]ǘ[cSݣ&}$5]4i= ɑԫ 9S]MHwW3fөP/a8᳑(,Q  t@t0]2d;s6!esM/cߨ`&`1Zm8lRl #: rW| ~h='@IR/u)pcP e$oqX}؁䛿Q=2r3͛6B!|BJKd/B(?cc?#=}'f^B(ʻF{iki2hj9TN`Uƞfn=Ƌaz.91rx&j= Go,gu'9"ScO$ա%NI(09Q#@oXSTHԢf̴;gj5[gb}ױ}ǣ# 3E5L_FBS If[a( g?LG`B'lǦ"=]6e5]G~?mgE5'l,R" ?q74Ja% ;EsؗY֌aF-S4uTUcV(qt|j,^y||?540V+KJgdZ6dz9I|W<֠Eq9^Cf&j ͒uB_;D_/Rx3oF5 tA%4ȌSHu t9~}M'c6kiJ5f!`F|΁49Vϡ蟩$Wm4@r1)6B̄H )&7jt$~&,)|YB* bԤrݢPP3>ͧ˅B!"xA3ˌE !\J!}! g|8Jn.r?uK󁯚fu՜Ӆ]We. oY#LK\zcOmE7~?u~}8^%g 5F8 ,ieݴ%!W8WG5MGZ9M'_)CR/+&rO f[Ԗ-Pò˔A ~y̆>:NQ'm5>l;4}t>჆$>hhƋMri\OMrӇtu4A.~Gͣn]?&tno7,AbGa`Ψs1Fm|&6ld$4(syt{LLσI#ˋ0P# 2/?6axsܧP}MrA}1g`sDokii#1)_\jJdN˵%@X mAt"AђF *4 gs3X"C"'g `[XOw$]KI+\fD8nOu$]9g_%s㙰\J٣XB YX/_23CCɴX9{DMfT`B[OKᙖ6FlY*NURO4MhǦnfz{@ZWg޳i K0w?g!1s WQ's?G\ύn;A끒:\f335{00q}c] kjtӴ٢͙iÂqjS9_Aa" eBC`9N{S^jkȓL%~On{0s> k2 'yvw=&.Q>j7uϙ_O#k[} |z[.z: %r% 5kb$T`CfL yrpm ֌O\XbʑZO%XScX`Dq Lzb8ufm/n$)`V|\uLg˦zkfTؽ/ 7rH]֥P# M2LZ1D4$B]`}.eGQHīl - 6:6pȞc}nP rQ G,-s9VV j5R{5>k枭,0!.(2n@3$XsPQ[ ҆|tku;.PCϱȧ.點h6*r|0ː ;u- CM5,v&Ԕfj:Y[^|'+ȁUrqXkjpp0_Wׅ=) _86i+@oOGLsCm0 Ǧ"|Zl"{Os=)7}Bޗr(1IO5 &^PGe d^s`M[`R9cDzl lF CQ>-L=G4MD0G[/{ѠTcD8vi_&<[?\>:F}`'zrgItо&hʰeh8`Zzq&$KDX(T< ֚p̈́O5O_cӀah"pHE@xZh~x| " L-9$BRhg[QZn3C zaRI?I L!2Bsݧ}=1g匬5 { ԪbV=M (iIV8Y+0yϹoǼL]Cg<ޗ8k!yw|7iԛŋυ!~8hc0SMwkh >#]\V`QaSƖ=4FXXoH]M;H̎g q\NR!<,`Q9)5fJ >yt 䂲h3 ]lW1L_@s+1L޺IXɑ1[DG`G nȵ( ?K{3]W< OQ:" A\=< `QtEa&NiE{ PwMMWN_)"_pkl豸1] QB|`L ؇^gm/Jz\+*5"X+CbQTh^Gp jN&ӁjFB-89k*+am/|m*Mn1}c%[Ŵw)n<0{L3gF= PhQUrl2y6(qEk-g}X#2␜ ~'U`9N86= BRӳ$R+@ekrฦ[?kK#ohksRG<@̙5Y*% =EЋqcꞃSLBԺخOl$oy݊5g@Zf2U-U"m-ϼ \X  5r &R j>"Gwiŏ[o(5rnv=G> P*U?ғj5j CED\ZE/he~6Kfb;?l͵Z57g XsB5]T0%ezIMqza/;#nK-%. ހذ:Zk.ܒ(t]57f semn-`I3I9`{IO4c 3F*͐{YQkNJsZb()gI?"g?amy:J"q*NP9Oɷwf‰/lCXx|{ `?K{e, ,"zдr#.=2fV,VXō?hhqL vo>B[( L $q!YUihja{I1A$K~?\/z\}>3>LG̾~xf : {J.۝(0^+_ҸGZ`>"u[)Uˇ-mo0.[-tJ2}m&A)hQ?JfW/Kۛfչ~/wᳫ `y B` 8εywˏ❒u[J:7݈w9%!5:OXF^9j7o Bk;d4)(3xX#K#f!B*.V3 N/Ns>V\zF_kɾ,8Aϐa6F4'Ski֭̚_fńBAjNyP(  c@JA=ohu7Wё{kD&-bcaLFrEl&zRG>egyəπ/QI Rt2k;ثI>@w5ϴc>%/5gk3 \:bAL[ıp߆؉ ?O*yr os8{JL<:*OUP놣ݮcAI=h#Q 6j 2'|; 9 A6a imFMa/83PwIO-MRj_4|q58P(K&Ĉc+ϙR8L"ԇ=%<,it4`n(@:OxpCt1C8&+qː ~7;U߉RAڶfO^<;}Z&ƎJϥIaHxMI> 2vw-*m9ܵ֯tX?h4Y'LœMJ·֤Y-2m$zOx¦w8y]xCy֑݇n|Eҭh;|/iPL @B=- Z~a3!o 5ض^0c= xKsSAdS-7RepB! A(%W %FD]oR[/Á"q|$ ]?LheR "W^Ӡobf6޶ u`m͹Y & 鸁cD$F :$!!Fc^~ߝ7v}[/=&R pWPǛHłtY)z30@ b@$`y6-ͬqol_ó0gLj owG_K2`^ %wyHGi$O֫X)xԝ@Jбe7_iId\*zIٙK-}:>>cQZOq  :a^=>?c1Wakstx6 dodQS3pffWhމ_g_=?3rW?$[k" )^ _~Y[|x;:&'0ƜaH{ mYoǩڦk39#n{{ŷiOaWݲ:pXEyˏ0m5m,љ@W23*ei X 5}5%w!$wS-8[y{¡Hj|ubA$486o uD2~~J,*'j zpp817(j`Oen_Kݪ_hӟyT[߷8̫eԴd=ILF c {8R[xq1<^K1'5^i-~|`:Cя")`p֎ xNY+ Z'D0‡,yt rذ ߕB5 DN6(UNsd%O(aZNR'Ʈ,!/B^%aI{EtyydL2mGc4VƵ55xG +qdyfFs9_aci7t 16)to|JI -g c'jsq s9),9+ěK ͬ-+J5!V\Hc4K":;M LPAΧ0l6#a }ꦆ/H𫛨4_fVܞVk2-|Tbts_ňVR>fD9marOcSP`|ׄC EWAjLB(eYiv' ?]{GQjo7q+X oO[ &jC*P/;m cZpgtMxW!CG8UMpT)jmH9gF_ 6a^zGZq1IG)LR>xA1K= _%,⺷k3dl*+u!߰VIm{7R[ {Ueꊍ\DQdС`Nm% \]=oaC_8s&2dҰCߑ7g f{9asH ]TW\AfxO&(Os.}`H{G\o|J7[>B8!i?݇~P Aԝ 8p4.gj5S%%P9 dU ?M=/>nrn-i`Ik ld Dps< {Ό]$Mb1Ř!&"[s6#&|M@Np#ę[? T6CĊ1gGi>'@12E# I`R tQ.( oI??&­!~Rjs#]Ys ޝ1Xh0usXcKR${a8= Sܕɭ6Lh鑭YK7`C'[BH g>򽉑G0usMr RC´vxT+==& .ycI OyN4x\+s+;:B<@Iw]a]NMݗ>0C(-ŌC 5Z(OBVBm$cE)]V ߺoSowfE#{8~ROz%rEeW0`A='92f24\K&IS`Csgrѻ%Mrqndzm/ya"lkMQvYwsݾ\X>p1$lJ[d_T ΓQnvNSʙŢksYx9% Uwf8l zUzUoLlW?fهVԊkm9'j|u3_.Tc3Ԣz h4Q`1DsUN>Mo )n}>u;MjV}QyxQ?ddB&pj3彌rР(?@ Pqse'׸l.rN+g:NF?sPysʀ]1>]w}} v3e:OP)/3(By7:c|A~3:cz^F{z_n?n2޿x6?>7??}OP)'ߧ A]V9]Awe_ryʛrּ)YFy98rEUrXB]_dCy><_`ek7tsg_3̭L_:7Vr]!,.%PUZ« /Y3ʹ6qմ 6 /yd֦WVFkp'k͠6K&(W̘1y}³2Sw١Gh5OKWX&-Jbġ$[<C/Ou>?vҾn^ o=Ջ쓥->gA7gn"B8#w0 dH= _\0vZ{h+ 7\zɜǙC'd;I*V*r;@+E"ðGD(&0#*+P#}a`J\L3BAzG l]{ۦJ̾jCO3CX)x}̺l5G P1=:1@ۨRC1{7/tj^"_v3&mc(27 J,5 ЛD@.޽s/7:tp) ?dD҃yhp䣿 t89`?ħ{  N틷D#&[~Gͼg1x_'05:%xlӍIfrw^f$W"r37$ \ؓ}@-]k q[: w,ٚ9l؆"޵]ݍ;Sw%'/Հ&ۧ{$KvUԥD`/?\vi Cdl,3~ Ch"v]#6 R Ň%?1 r o!fIკ&/ ~2gi-}x= %4Id`nˉ{l$>}T.q sEeאe,G|%ԄZ{JfBM'KYΜ/Ǧ e4d,cx Lw}G*1ue|nHHU֧f2{MG:з57b([|ӼE^߇Fu:l/Ansl2qU[ +"ۂ K-Ӭ>sV¥"UXJMX,8.~sf㿴(@P 9Buz ׂ}Q'za|ה~H϶I5"`:=Vڕ+zYL1e~}=3ӲGHA@Sq۶t3BB `GYu`v)q얢unD4.v>σ/nxDh\wLtxW$L+DvdzU. Z-^cdX$֬LE")w1G.= `5>gvCG%z1wqX.&DW6K54Ƙb~q1yLX+0_mkASsLeU|t#GYEL`&;]+N%t&ж?82acT 1L(_+RYדWv!GZqɋ|E>WNENE<<Sf}')VSL_Xџ_,P>I*g\`_W.:țwByѻHn $ghvV;~v?;w~i a% ѨT\ߵ;/'k{W,Y~KϚ>^hI:V; AHcnV}"^s/ .A|>ǐy6n_1?iVA$摝7yE1um*Pᷮ g۲M) d.%rRbҍR4fr0>d֊&|ƷZ2cˤ_ lIi