Language Selection

English French German Italian Portuguese Spanish

Flurry Of Patches From Unix Vendors For Telnet Flaw

Filed under

Several distributors of the BSD version of the Telnet protocol have released patches for a critical bug that could cause system-hijack attacks.

According to iDefense, remote exploitation of a buffer overflow vulnerability in multiple Telnet clients could allow the execution of arbitrary code.

The Telnet protocol allows virtual network terminals to be connected to over the Internet. The initial description of the telnet protocol was given in RFC854 in May 1983. Since then there have been many extra features added including encryption.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands in the context of the user who launched the Telnet client, says iDefense.

iDefense has confirmed the existence of the vulnerability in the Telnet client included in the Kerberos V5 Release 1.3.6 package and the client included in the SUNWtnetc package of Solaris 5.9. According to the advisory, it is suspected that most BSD based Telnet clients are affected by this vulnerability.

Advisories and patches have been issued by FreeBSD, MIT (Kerberos), Red Hat, and Sun among others.


More in Tux Machines

KDE Ships Plasma 5.4.2, bugfix Release for October

Today KDE releases a bugfix update to Plasma 5, versioned 5.4.2. Plasma 5.4 was released in August with many feature refinements and new modules to complete the desktop experience. This release adds a month's worth of new translations and fixes from KDE's contributors. The bugfixes are typically small but important and include: Many new Breeze icons. Support absolute libexec path configuration, fixes binaries invoked by KWin work again on e.g. Fedora. Commit. Fixes bug #353154. Code review #125466 Set tooltip icon in notifications applet. Commit. Code review #125193 Read more

Sharing in open source and swag

This is something that most people don’t realize when they hear words “open source”. And I feel it is important to understand that open source doesn’t include just programming, though it originated in the context of computer software development. But is also about the way of life and what is called the open source way. Which means that to contribute to open source projects you do not have to code! (You might if you want to ;) ). Just remember that it is important to share and sharing is caring. Read more

today's leftovers

Leftovers: Software