Buffer overflow in multiple OS telnetd updated since 19.07.2001
Published:		19.09.2004
Source:		BUGTRAQ
SecurityVulns ID:		1344
Type:		remote
Level:		10/10
Description:		It's possible to overflow buffer with AYT telnet protocol command.

Affected:		FREEBSD : FreeBSD 5.0
		SUN : Solaris 2.8
		SGI : IRIX 6.5
		NETBSD : NetBSD 1.5
		SCO : OpenServer 5.0
		FREEBSD : FreeBSD 4.3
		OPENBSD : OpenBSD 2.9
		APPLE : MacOS X 10.0
		BSDI : BSD/OS 4.2
		LINUX : Linux netkit-telnetd 0.13
		DEBIAN : Debian netkit-telnetd 0.17

Original document		Michal Zalewski, [Full-Disclosure] Debian netkit telnetd vulnerability (19.09.2004)
		Zenith Parsec, ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow (12.08.2001)
		CERT, Advisory CA-2001-21 (25.07.2001)
		Sebastian, multiple vendor telnet daemon vulnerability (19.07.2001)

Files:		telnetd exploit code
		Telnetd AYT overflow scanner, by Security Point(R)
		Proof of concept netkit-0.17-7 local root exploit.
Discuss:		Read or add your comments to this news (0 comments)