Language Selection

English French German Italian Portuguese Spanish

Flurry Of Patches From Unix Vendors For Telnet Flaw

Filed under

Several distributors of the BSD version of the Telnet protocol have released patches for a critical bug that could cause system-hijack attacks.

According to iDefense, remote exploitation of a buffer overflow vulnerability in multiple Telnet clients could allow the execution of arbitrary code.

The Telnet protocol allows virtual network terminals to be connected to over the Internet. The initial description of the telnet protocol was given in RFC854 in May 1983. Since then there have been many extra features added including encryption.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands in the context of the user who launched the Telnet client, says iDefense.

iDefense has confirmed the existence of the vulnerability in the Telnet client included in the Kerberos V5 Release 1.3.6 package and the client included in the SUNWtnetc package of Solaris 5.9. According to the advisory, it is suspected that most BSD based Telnet clients are affected by this vulnerability.

Advisories and patches have been issued by FreeBSD, MIT (Kerberos), Red Hat, and Sun among others.


More in Tux Machines

GNOME Desktop Schedule Published

  • GNOME 3.29.x Development Series
    GNOME 3.29.x is an unstable development series intended for testing and hacking purposes. GNOME uses odd minor version numbers to indicate development status, so this unstable 3.29.x series will become the official 3.30 stable release. There are many ways you can get involved.
  • GNOME 3.30 Scheduled For Release On 6 September
    Following this month's successful launch of GNOME 3.28, the release team has now assembled the schedule for the GNOME 3.30.0 release and the 3.29 development milestones. GNOME 3.29.1 is the first step towards GNOME 3.30 and will be released on 19 April followed by GNOME 3.29.92 a month later on 24 May. For June is then GNOME 3.29.3 and GNOME 3.29.4 on 19 July.
  • GNOME 3.30 "Almeria" Desktop Environment Slated for Release on September 6, 2018
    The GNOME Project announced today the availability of the official release schedule for the next major release of their widely-used GNOME desktop environment for GNU/Linux distributions. While most of the Linux community hasn't yet managed to install the recently released GNOME 3.28 desktop environment on their favorite GNU/Linux distributions, the GNOME developers are already focusing on the next major release, GNOME 3.30, which was slated for release this fall on September 6, 2018.

Super long-term kernel support

In the longer-term, CIP is looking toward IEC-62443 security certification. That is an ambitious goal and CIP can't get there by itself, but the project is working on documentation, test cases, and tools that will hopefully help with an eventual certification effort. Another issue that must be on the radar of any project like this is the year-2038 problem, which currently puts a hard limit on how long a Linux system can be supported. CIP is working with kernel and libc developers to push solutions forward in this area. Read more

LibreSSL 2.7.1 Released, OpenSSH 7.7 Being Tested

today's howtos