Vulnerability Name: CVE-2005-0469 (CCN-19871) Assigned: 2005-03-28 Published: 2005-03-28 Updated: 2017-10-11 Summary: Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands. CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Privileges References: Source: CCNtelnet client buffer overflows FreeBSD-SA-05:01.telnet OpenServer 5.0.6 OpenServer 5.0.7 : telnet client multiple issues UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : telnet client multiple issues 20050405-01-P Buffer Overflow in telnet(1) Client Software Also Affects Kerberized Telnet CVE-2005-0469 Apple security updates telnet security update krb5 security update MIT Kerberos Telnet Client Buffer Overflow Vulnerabilities 14745 17899 101665 101671 57755 Buffer Overflow in telnet(1) Client Software 57761 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-001-telnet.txt Buffer overflows in telnet client Kerberos 5 Telnet Client Buffer Overflow SGI Advanced Linux Environment 3 Security Update #33 DSA-731 DSA-697 DSA-699 DSA-703 netkit-telnet -- buffer overflow netkit-telnet-ssl -- buffer overflow krb5 -- buffer overflows krb4 -- buffer overflows heimdal -- buffer overflow netkit-telnetd: Buffer overflow GLSA-200503-36 telnet-bsd: Multiple buffer overflows mit-krb5: Multiple buffer overflows in telnet client Heimdal: Buffer overflow vulnerabilities 20050328 Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability Multiple Telnet Client slc_add_reply() Buffer Overflow Vulnerability Multiple Telnet clients fail to properly handle the LINEMODE SLC suboption VU#291924 MDKSA-2005:061 Changes made between Owl 1.1 and Owl-current 2005-04-20: telnet vulnerabilities RHSA-2005:327 RHSA-2005:330 12918 Multiple Vendor Telnet Client LINEMODE Sub-Options Remote Buffer Overflow Vulnerability Two buffer overflow vulnerabilities exist in krb5 telnet vulnerabilities Kerberos vulnerabilities USN-224-1 telnet-client-slcaddreply-bo(19871) oval:org.mitre.oval:def:9708 SUSE Security Summary Report SUSE Security Summary Report Vulnerable Configuration: Configuration 1 :cpe:/a:ncsa:telnet:*:*:*:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:mit:kerberos_5:1.3:-:*:*:*:*:*:* OR cpe:/a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:* OR cpe:/a:mit:kerberos_5:1.2:-:*:*:*:*:*:* OR cpe:/a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:* OR cpe:/a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:* OR cpe:/a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:* OR cpe:/a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:* OR cpe:/a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:* OR cpe:/a:mit:kerberos_5:1.2.7:*:*:*:*:*:*:* OR cpe:/a:mit:kerberos_5:1.2.8:*:*:*:*:*:*:* OR cpe:/a:mit:kerberos_5:1.3.1:*:*:*:*:*:*:* OR cpe:/a:mit:kerberos_5:1.3.2:*:*:*:*:*:*:* OR cpe:/a:mit:kerberos_5:1.3.3:*:*:*:*:*:*:* OR cpe:/a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:* OR cpe:/a:mit:kerberos_5:1.3.5:*:*:*:*:*:*:* OR cpe:/a:mit:kerberos_5:1.3.6:*:*:*:*:*:*:* OR cpe:/a:mit:kerberos_5:1.4:*:*:*:*:*:*:* AND cpe:/o:sun:solaris:8::sparc:*:*:*:*:* OR cpe:/o:freebsd:freebsd:5.0:-:*:*:*:*:*:* OR cpe:/o:openbsd:openbsd:3.0:*:*:*:*:*:*:* OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:* OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:* OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:* OR cpe:/o:freebsd:freebsd:5.1:-:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/o:freebsd:freebsd:5.2:-:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/o:sun:solaris:7.0::sparc:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.3.8:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:* OR cpe:/o:sun:solaris:10::64bit:*:*:*:*:* OR cpe:/o:freebsd:freebsd:5.3:-:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:* OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:* Oval Definitions BACK
ncsa telnet *
mit kerberos 5-1.3
mit kerberos 5-1.2.2
mit kerberos 5-1.2
mit kerberos 5-1.2.1
mit kerberos 5-1.2.3
mit kerberos 5-1.2.4
mit kerberos 5-1.2.5
mit kerberos 5-1.2.6
mit kerberos 5-1.2.7
mit kerberos 5-1.2.8
mit kerberos 5-1.3.1
mit kerberos 5-1.3.2
mit kerberos 5-1.3.3
mit kerberos 5-1.3.4
mit kerberos 5-1.3.5
mit kerberos 5-1.3.6
mit kerberos 5-1.4
sun solaris 8
freebsd freebsd 5.0 -
openbsd openbsd 3.0
sun solaris 9
debian debian linux 3.0
gentoo linux *
mandrakesoft mandrake linux corporate server 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
freebsd freebsd 5.1 -
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
freebsd freebsd 5.2 -
mandrakesoft mandrake linux 10.0
redhat enterprise linux 3
sun solaris 7.0
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 4
redhat enterprise linux 4
apple mac os x server 10.3.8
apple mac os x 10.3.8
sun solaris 10
freebsd freebsd 5.3 -
redhat enterprise linux 4
redhat enterprise linux 4
debian debian linux 3.1
redhat linux advanced workstation 2.1
mandrakesoft mandrake linux 10.1
mandrakesoft mandrake linux corporate server 3.0
turbolinux turbolinux home *
mandrakesoft mandrake linux 10.0
mandrakesoft mandrake linux corporate server 2.1
Denotes that component is vulnerable