Language Selection

English French German Italian Portuguese Spanish

Flurry Of Patches From Unix Vendors For Telnet Flaw

Filed under
Security

Several distributors of the BSD version of the Telnet protocol have released patches for a critical bug that could cause system-hijack attacks.

According to iDefense, remote exploitation of a buffer overflow vulnerability in multiple Telnet clients could allow the execution of arbitrary code.

The Telnet protocol allows virtual network terminals to be connected to over the Internet. The initial description of the telnet protocol was given in RFC854 in May 1983. Since then there have been many extra features added including encryption.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands in the context of the user who launched the Telnet client, says iDefense.

iDefense has confirmed the existence of the vulnerability in the Telnet client included in the Kerberos V5 Release 1.3.6 package and the client included in the SUNWtnetc package of Solaris 5.9. According to the advisory, it is suspected that most BSD based Telnet clients are affected by this vulnerability.

Advisories and patches have been issued by FreeBSD, MIT (Kerberos), Red Hat, and Sun among others.

Source.

More in Tux Machines

Open source more about process than licensing

It is a testament to the success of the Open Source Initiative's (OSI) branding campaign for open source software that "open source" and "licensing" are functionally synonymous. To the extent that people are familiar with open source software, it is the source code released under a license that lets anyone see the "crown jewels" of a software program as opposed to an opaque binary, or black box that hides its underpinnings. Read more

First open source enterprise resource planning app for Drupal unveiled

ERPAL for Service Providers is the world's first open source ERP built on Drupal, a popular content management system. Read more

Eight Key Open-Source Internet of Things Projects

Open source is key to the development of the Internet of things (IoT). Therefore, the Eclipse Foundation is taking a hard look at IoT for Java developers. In fact, the Eclipse IoT community is making it easier for Java developers to connect and manage devices in an IoT solution by delivering at JavaOne 2014 an open IoT stack for Java developers. Based on open source and open standards, the Eclipse Open IoT Stack for Java simplifies IoT development by enabling Java developers to reuse a core set of frameworks and services in their IoT solutions. In addition to the core Open IoT Stack, a set of industrial frameworks are available to accelerate the process of creating home automation and SCADA factory automation solutions. "Our goal with this is to ensure that Java developers have a free and open-source platform for building IoT solutions," said Mike Milinkovich, executive director of Eclipse. Read more

SMPlayer 14.9 Review – One of the Best Movie Players for Linux

In this article I will overview the main things that make SMPlayer stand out of the crowd, putting it on the top of the video playback applications list. SMPlayer is written in Qt 4.8 and uses MPlayer2 for video playback. Personally I have only words of praise for this player, which is why I decided to write this review. So let’s proceed and see what the most important features of SMPlayer are. Read more