Multiple Vendor Telnetd Buffer Overflow Vulnerability

A boundary condition error exists in telnet daemons derived from the BSD telnet daemon.

Under certain circumstances, the buffer overflow can occur when a combination of telnet protocol options are received by the daemon. The function responsible for processing the options prepares a response within a fixed sized buffer, without performing any bounds checking.

This vulnerability is now being actively exploited. A worm is known to be circulating around the Internet.


 

Privacy Statement
Copyright 2010, SecurityFocus