Several high-profile distributors of the BSD version of the Telnet protocol have rolled out patches for a critical bug that could cause system-hijack attacks.
The bug, which was reported by iDefense Inc., is a remotely exploitable buffer overflow that could allow the execution of arbitrary code with user privileges.
A successful attacker would have to convince the user to launch a Telnet session with a malicious server. A malicious Web page could be designed that could launch the Telnet client on the users system by clicking a link, or, using the IFRAME tag, by loading the page.
Telnet is a protocol that supports virtual terminal sessions across IP networks including the Internet. The Telnet client program provides the interface for the terminal session to the user.
The vulnerability exists in the main Telnet client program distributed by large numbers of vendors, including MITs Kerberos network authentication system. It is possible for data of a particular size and nature to overflow a fixed-size buffer.
Advisories and patches have been issued by OpenBSD, MIT, Apple, FreeBSD and many Linux distributions through their inclusion of Kerberos.
iDefense states that it is unaware of any workarounds for the problem. While no active exploits are known, a simple proof of concept is available.
The following vendors have issued patches and workarounds: