Unix Authors Rush to Patch Telnet Flaw

Buffer overflow in the Telnet protocol could yield control of Unix systems to an attacker.

Several high-profile distributors of the BSD version of the Telnet protocol have rolled out patches for a critical bug that could cause system-hijack attacks.

The bug, which was reported by iDefense Inc., is a remotely exploitable buffer overflow that could allow the execution of arbitrary code with user privileges.

To succeed, an attacker would have to convince the user to launch a Telnet session with a malicious server. A malicious Web page could launch the Telnet client on the user's system when the user clicks a link or, using the IFRAME tag, simply when the page loads.

Telnet is a protocol that supports virtual terminal sessions across IP networks including the Internet. The Telnet client program provides the interface for the terminal session to the user.


The vulnerability exists in the main Telnet client program distributed by a large number of vendors, including in MIT's Kerberos network authentication system. It is possible for data of a particular size and nature to overflow a fixed-size buffer.

Advisories and patches have been issued by OpenBSD, MIT, Apple, FreeBSD and many Linux distributions through their inclusion of Kerberos.


iDefense states that it is unaware of any workarounds for the problem. While no active exploits are known, a simple proof of concept is available.

The following vendors have issued patches and workarounds:
