MNBSD-2016-18: telnetd argument injection into login(1)

Severity: Unknown

Affected Package: telnetd

Summary: telnetd argument injection into login(1)

Description

The telnet daemon passed unsanitized user-supplied data as arguments to login(1), allowing a possible argument injection. A remote attacker could potentially influence the login invocation. Corrected in the 0.8.5 release along with a libc fix.

Affected Versions

telnetd

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2016-1888

Published: December 13, 2016
Last Modified: December 13, 2016