Flurry Of Patches From Unix Vendors For Telnet Flaw

Several distributors of BSD-based Telnet software have released patches for a critical bug that could lead to system-hijack attacks.

According to iDefense, remote exploitation of a buffer overflow vulnerability in multiple Telnet clients could allow the execution of arbitrary code.

The Telnet protocol allows connections to virtual network terminals over the Internet. The initial description of the Telnet protocol was given in RFC 854 in May 1983. Since then, many extra features have been added, including encryption.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands in the context of the user who launched the Telnet client, says iDefense.

iDefense has confirmed the existence of the vulnerability in the Telnet client included in the Kerberos V5 Release 1.3.6 package and the client included in the SUNWtnetc package of Solaris 5.9. According to the advisory, it is suspected that most BSD-based Telnet clients are affected by this vulnerability.

Advisories and patches have been issued by FreeBSD, MIT (Kerberos), Red Hat, and Sun among others.
