Test ID:	1.3.6.1.4.1.25623.1.0.10709
Category:	Gain a shell remotely
Title:	TESO in.telnetd Buffer Overflow DoS Vulnerability
Summary:	The Telnet server does not return an expected number of replies; when it receives a long sequence of 'Are You There' commands. This probably means it overflows one; of its internal buffers and crashes.
Description:	Summary: The Telnet server does not return an expected number of replies when it receives a long sequence of 'Are You There' commands. This probably means it overflows one of its internal buffers and crashes. Vulnerability Impact: It is likely an attacker could abuse this bug to gain control over the remote host's superuser. Affected Software/OS: Sun Solaris 2.8, RetHat Linux 6.2 and FreeBSD 4.3 are known to be affected. Other versions or products might be affected as well. Solution: Comment out the 'telnet' line in /etc/inetd.conf. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2001-0554 BugTraq ID: 3064 http://www.securityfocus.com/bid/3064 Bugtraq: 20010718 multiple vendor telnet daemon vulnerability (Google Search) http://www.securityfocus.com/archive/1/197804 Bugtraq: 20010725 SCO - Telnetd AYT overflow ? (Google Search) http://online.securityfocus.com/archive/1/199541 Bugtraq: 20010725 Telnetd AYT overflow scanner (Google Search) http://online.securityfocus.com/archive/1/199496 Bugtraq: 20010810 ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow (Google Search) http://online.securityfocus.com/archive/1/203000 Caldera Security Advisory: CSSA-2001-030.0 http://www.calderasystems.com/support/security/advisories/CSSA-2001-030.0.txt Caldera Security Advisory: CSSA-2001-SCO.10 ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt http://www.cert.org/advisories/CA-2001-21.html Computer Incident Advisory Center Bulletin: L-131 http://www.ciac.org/ciac/bulletins/l-131.shtml Cisco Security Advisory: 20020129 Cisco CatOS Telnet Buffer Vulnerability http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml COMPAQ Service Security Patch: SSRT0745U http://ftp.support.compaq.com/patches/.new/html/SSRT0745U.shtml Conectiva Linux advisory: CLA-2001:413 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000413 Debian Security Information: DSA-070 (Google Search) http://www.debian.org/security/2001/dsa-070 Debian Security Information: DSA-075 (Google Search) http://www.debian.org/security/2001/dsa-075 FreeBSD Security Advisory: FreeBSD-SA-01:49 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc HPdes Security Advisory: HPSBUX0110-172 http://archives.neohapsis.com/archives/hp/2001-q4/0014.html IBM ERS/BRS Advisory: MSS-OAR-E01-2001:298 http://online.securityfocus.com/advisories/3476 http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-068.php3 NETBSD Security Advisory: NetBSD-SA2001-012 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc http://www.osvdb.org/809 http://www.redhat.com/support/errata/RHSA-2001-099.html http://www.redhat.com/support/errata/RHSA-2001-100.html SGI Security Advisory: 20010801-01-P ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P SuSE Security Announcement: SuSE-SA:2001:029 (Google Search) http://www.novell.com/linux/security/advisories/2001_029_nkitb_txt.html XForce ISS Database: telnetd-option-telrcv-bo(6875) https://exchange.xforce.ibmcloud.com/vulnerabilities/6875
Copyright	Copyright (C) 2001 Pavel Kankovsky

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.