Vulnerability Name:

CVE-2005-0468 (CCN-19877)

Assigned:2005-03-28
Published:2005-03-28
Updated:2017-10-11
Summary:Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-05:01.telnet
telnet client buffer overflows

Source: FREEBSD
Type: Vendor Advisory
FreeBSD-SA-05:01.telnet

Source: CCN
Type: SCO Security Advisory SCOSA-2005.23
OpenServer 5.0.6 OpenServer 5.0.7 : telnet client multiple issues

Source: SGI
Type: Patch
20050405-01-P

Source: MITRE
Type: CNA
CVE-2005-0468

Source: CONECTIVA
Type: UNKNOWN
CLA-2005:962

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2005:962
Fix for buffer overflows in telnet client

Source: CCN
Type: AppleCare Knowledge Base Document 61798
Apple security updates

Source: CCN
Type: RHSA-2005-327
telnet security update

Source: CCN
Type: RHSA-2005-330
krb5 security update

Source: CCN
Type: SA14745
MIT Kerberos Telnet Client Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
14745

Source: SECUNIA
Type: UNKNOWN
17899

Source: SUNALERT
Type: UNKNOWN
101665

Source: SUNALERT
Type: UNKNOWN
101671

Source: SUNALERT
Type: UNKNOWN
57755

Source: CCN
Type: Sun Alert ID: 57755
Buffer Overflow in telnet(1) Client Software

Source: SUNALERT
Type: UNKNOWN
57761

Source: CONFIRM
Type: Patch, Vendor Advisory
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-001-telnet.txt

Source: CCN
Type: MIT krb5 Security Advisory 2005-001
Buffer overflows in telnet client

Source: CCN
Type: CIAC INFORMATION BULLETIN P-163
Kerberos 5 Telnet Client Buffer Overflow

Source: CCN
Type: CIAC INFORMATION BULLETIN P-171
SGI Advanced Linux Environment 3 Security Update #33

Source: DEBIAN
Type: UNKNOWN
DSA-731

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-703

Source: DEBIAN
Type: DSA-703
krb5 -- buffer overflows

Source: DEBIAN
Type: DSA-731
krb4 -- buffer overflows

Source: CCN
Type: GLSA-200504-01
telnet-bsd: Multiple buffer overflows

Source: CCN
Type: GLSA-200504-04
mit-krb5: Multiple buffer overflows in telnet client

Source: CCN
Type: GLSA-200504-28
Heimdal: Buffer overflow vulnerabilities

Source: CCN
Type: iDEFENSE Security Advisory 03.28.05
Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability

Source: IDEFENSE
Type: Vendor Advisory
20050328 Multiple Telnet Client env_opt_add() Buffer Overflow Vulnerability

Source: CCN
Type: US-CERT VU#341908
Multiple Telnet Clients vulnerable to buffer overflow via the env_opt_add() function in telnet.c

Source: CERT-VN
Type: US Government Resource
VU#341908

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:061

Source: CCN
Type: Openwall Web site
Changes made between Owl 1.1 and Owl-current

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:327

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:330

Source: BID
Type: UNKNOWN
12919

Source: CCN
Type: BID-12919
Multiple Vendor Telnet Client Env_opt_add Heap-Based Buffer Overflow Vulnerability

Source: CCN
Type: TLSA-2005-52
Two buffer overflow vulnerabilities exist in krb5

Source: CCN
Type: USN-224-1
Kerberos vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-224-1

Source: XF
Type: UNKNOWN
telnet-client-envoptadd-bo(19877)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9640

Source: SUSE
Type: SUSE-SR:2005:009
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:012
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ncsa:telnet:c:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20050468
    V
    		CVE-2005-0468
    2015-11-16
    oval:org.mitre.oval:def:9640
    V
    		Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated.
    2013-04-29
    oval:org.debian:def:731
    V
    		buffer overflows
    2005-06-02
    oval:org.debian:def:703
    V
    		buffer overflows
    2005-04-01
    oval:com.redhat.rhsa:def:20050330
    P
    		RHSA-2005:330: krb5 security update (Important)
    2005-03-30
    oval:com.redhat.rhsa:def:20050327
    P
    		RHSA-2005:327: telnet security update (Important)
    2005-03-28
    BACK
    ncsa telnet c