Unix Authors Rush to Patch Telnet Flaw | eWeek

Unix Authors Rush to Patch Telnet Flaw

Verfasst von
Larry Seltzer
Larry Seltzer
Mar 31, 2005
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Several high-profile distributors of the BSD version of the Telnet protocol have rolled out patches for a critical bug that could cause system-hijack attacks.

The bug, which was reported by iDefense Inc., is a remotely exploitable buffer overflow that could allow the execution of arbitrary code with user privileges.

A successful attacker would have to convince the user to launch a Telnet session with a malicious server. A malicious Web page could be designed that could launch the Telnet client on the users system by clicking a link, or, using the IFRAME tag, by loading the page.

Telnet is a protocol that supports virtual terminal sessions across IP networks including the Internet. The Telnet client program provides the interface for the terminal session to the user.

/zimages/6/28571.gifClick hereto read about IBMs low-end Unix play.

The vulnerability exists in the main Telnet client program distributed by large numbers of vendors, including MITs Kerberos network authentication system. It is possible for data of a particular size and nature to overflow a fixed-size buffer.

Advisories and patches have been issued by OpenBSD, MIT, Apple, FreeBSD and many Linux distributions through their inclusion of Kerberos.

/zimages/6/28571.gifRead morehereabout Unix-related warnings from iDefense.

iDefense states that it is unaware of any workarounds for the problem. While no active exploits are known, a simple proof of concept is available.

The following vendors have issued patches and workarounds:

/zimages/6/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.