Language Selection

English French German Italian Portuguese Spanish

Flurry Of Patches From Unix Vendors For Telnet Flaw

Filed under
Security

Several distributors of the BSD version of the Telnet protocol have released patches for a critical bug that could cause system-hijack attacks.

According to iDefense, remote exploitation of a buffer overflow vulnerability in multiple Telnet clients could allow the execution of arbitrary code.

The Telnet protocol allows virtual network terminals to be connected to over the Internet. The initial description of the telnet protocol was given in RFC854 in May 1983. Since then there have been many extra features added including encryption.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands in the context of the user who launched the Telnet client, says iDefense.

iDefense has confirmed the existence of the vulnerability in the Telnet client included in the Kerberos V5 Release 1.3.6 package and the client included in the SUNWtnetc package of Solaris 5.9. According to the advisory, it is suspected that most BSD based Telnet clients are affected by this vulnerability.

Advisories and patches have been issued by FreeBSD, MIT (Kerberos), Red Hat, and Sun among others.

Source.

More in Tux Machines

Linux Foundation Hirings and Initiatives

Facebook-squishing Indian regulator's next move: Open source code

Fresh from squashing Facebook's effort to grab the enormous India market, the sub-continent's regulator has another goal in mind: open source software. Speaking at the India Digital Summit this week, chairman of the Telecom Regulatory Authority of India (TRAI), Ram Sewak Sharma, told attendees: "No service can be hostage to a particular technology." He then went on to explicitly support the broader adoption of open source software, arguing that it would help the booming digital economy in India from being locked into buying from a specific company and enable a broader and more equitable internet for all. "Any technology that is deployed for connectivity must be interoperable and the open standards framework and the principles it entails are extremely important," he argued. Read more

Ubuntu 16.04 LTS to Let Users Change the Visibility of App Menus in Unity Panel

We've already told you that we're running the latest Ubuntu 16.04 LTS (Xenial Xerus) operating system, right? Well, guess what? Earlier today, Canonical pushed a bunch of important updates to the upcoming distribution. Read more

GNOME 3.19.90 beta tarballs due (and more)

Hello all, We would like to inform you about the following: * GNOME 3.19.90 beta tarballs due * API/ABI, UI and Feature Addition Freeze; String Change Announcement Period * New APIs must be fully documented * Writing of release notes begins Tarballs are due on 2016-02-15 before 23:59 UTC for the GNOME 3.19.90 beta release, which will be delivered on Wednesday. Modules which were proposed for inclusion should try to follow the unstable schedule so everyone can test them. Please make sure that your tarballs will be uploaded before Monday 23:59 UTC: tarballs uploaded later than that will probably be too late to get in 3.19.90. If you are not able to make a tarball before this deadline or if you think you'll be late, please send a mail to the release team and we'll find someone to roll the tarball for you! Read more