Test ID:	1.3.6.1.4.1.25623.1.1.12.2005.101.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-101-1)
Summary:	The remote host is missing an update for the 'netkit-telnet' package(s) announced via the USN-101-1 advisory.
Description:	Summary: The remote host is missing an update for the 'netkit-telnet' package(s) announced via the USN-101-1 advisory. Vulnerability Insight: A buffer overflow was discovered in the telnet client's handling of the LINEMODE suboptions. By sending a specially constructed reply containing a large number of SLC (Set Local Character) commands, a remote attacker (i. e. a malicious telnet server) could execute arbitrary commands with the privileges of the user running the telnet client. (CAN-2005-0469) Michal Zalewski discovered a Denial of Service vulnerability in the telnet server (telnetd). A remote attacker could cause the telnetd process to free an invalid pointer, which caused the server process to crash, leading to a denial of service (inetd will disable the service if telnetd crashed repeatedly), or possibly the execution of arbitrary code with the privileges of the telnetd process (by default, the 'telnetd' user). Please note that the telnet server is not officially supported by Ubuntu, it is in the 'universe' component. (CAN-2004-0911) Affected Software/OS: 'netkit-telnet' package(s) on Ubuntu 4.10. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0911 Bugtraq: 20040918 Debian netkit telnetd vulnerability (Google Search) http://www.securityfocus.com/archive/1/375743 Debian Security Information: DSA-556 (Google Search) http://www.debian.org/security/2004/dsa-556 XForce ISS Database: telnetd-netkit-bo(17540) https://exchange.xforce.ibmcloud.com/vulnerabilities/17540 Common Vulnerability Exposure (CVE) ID: CVE-2005-0469 BugTraq ID: 12918 http://www.securityfocus.com/bid/12918 CERT/CC vulnerability note: VU#291924 http://www.kb.cert.org/vuls/id/291924 Debian Security Information: DSA-697 (Google Search) http://www.debian.org/security/2005/dsa-697 Debian Security Information: DSA-699 (Google Search) http://www.debian.org/security/2005/dsa-699 Debian Security Information: DSA-703 (Google Search) http://www.debian.org/security/2005/dsa-703 Debian Security Information: DSA-731 (Google Search) http://www.debian.de/security/2005/dsa-731 FreeBSD Security Advisory: FreeBSD-SA-05:01.telnet ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc http://www.gentoo.org/security/en/glsa/glsa-200503-36.xml http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities http://www.mandriva.com/security/advisories?name=MDKSA-2005:061 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9708 http://www.redhat.com/support/errata/RHSA-2005-327.html http://www.redhat.com/support/errata/RHSA-2005-330.html http://secunia.com/advisories/14745 http://secunia.com/advisories/17899 SGI Security Advisory: 20050405-01-P ftp://patches.sgi.com/support/free/security/advisories/20050405-01-P http://sunsolve.sun.com/search/document.do?assetkey=1-26-101665-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101671-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1 http://www.ubuntulinux.org/usn/usn-224-1
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.