Flurry Of Patches From Unix Vendors For Telnet Flaw

Several distributors of BSD-derived Telnet clients have released patches for a critical bug that could enable system-hijack attacks.

According to iDefense, remote exploitation of a buffer overflow vulnerability in multiple Telnet clients could allow the execution of arbitrary code.

The Telnet protocol allows connections to virtual network terminals over the Internet. The initial description of the Telnet protocol was given in RFC 854 in May 1983. Since then, many extra features have been added, including encryption.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands in the context of the user who launched the Telnet client, says iDefense.

iDefense has confirmed the existence of the vulnerability in the Telnet client included in the Kerberos V5 Release 1.3.6 package and the client included in the SUNWtnetc package of Solaris 5.9. According to the advisory, it is suspected that most BSD-based Telnet clients are affected by this vulnerability.

Advisories and patches have been issued by FreeBSD, MIT (Kerberos), Red Hat, and Sun among others.
