MNBSD-2011-7: telnetd remote buffer overflow allows arbitrary code execution as root

Severity: Unknown

Affected Package: telnetd

Summary: telnetd remote buffer overflow allows arbitrary code execution as root

Description

The telnet daemon does not validate the length of a supplied encryption key before copying it into a fixed-size buffer. An attacker who can connect to telnetd can overflow the buffer and execute arbitrary code with the privileges of the daemon, which is normally root. This is a remotely exploitable root compromise.

Affected Versions

telnetd

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2011-4862

Published: December 23, 2011
Last Modified: December 23, 2011