TESO In.telnetd Buffer Overflow Network Vulnerability

Summary

The Telnet server does not return an expected number of replies when it receives a long sequence of 'Are You There' commands. This probably means it overflows one of its internal buffers and crashes. It is likely an attacker could abuse this bug to gain control over the remote host's superuser. For more information, see: http://www.team-teso.net/advisories/teso-advisory-011.tar.gz

Solution

Comment out the 'telnet' line in /etc/inetd.conf.

Severity

Classification

CVE CVE-2001-0554
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

TESO in.telnetd buffer overflow
irix rpc.passwd overflow
Shell Command Execution Vulnerability
Header overflow against HTTP proxy
Sun Java Web Start Remote Command Execution Vulnerability (Linux)

Take action and discover your vulnerabilities