LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 18th, 2014
Linux Advisory Watch: July 13th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Important: telnet security update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated telnet packages that fix two buffer overflow vulnerabilities are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: telnet security update
Advisory ID:       RHSA-2005:327-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-327.html
Issue date:        2005-03-28
Updated on:        2005-03-28
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0468 CAN-2005-0469
- ---------------------------------------------------------------------

1. Summary:

Updated telnet packages that fix two buffer overflow vulnerabilities are
now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The telnet package provides a command line telnet client. The telnet-server
package includes a telnet daemon, telnetd, that supports remote login to
the host machine.

Two buffer overflow flaws were discovered in the way the telnet client
handles messages from a server.  An attacker may be able to execute
arbitrary code on a victim's machine if the victim can be tricked into
connecting to a malicious telnet server. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468
and CAN-2005-0469 to these issues.

Additionally, the following bugs have been fixed in these erratum packages
for Red Hat Enterprise Linux 2.1 and Red Hat Enterprise Linux 3:

- - telnetd could loop on an error in the child side process

- - There was a race condition in telnetd on a wtmp lock on some occasions

- - The command line in the process table was sometimes too long and caused
bad output from the ps command

- - The 8-bit binary option was not working

Users of telnet should upgrade to this updated package, which contains
backported patches to correct these issues.

Red Hat would like to thank iDEFENSE for their responsible disclosure of
this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

126858 - Too long /proc/X/cmdline: bad ps output when piped to less/more
145004 - telnetd cleanup() race condition with syslog in signal handler
145636 - [PATCH] telnetd loops on child IO error
147003 - [RHEL3] telnetd cleanup() race condition with syslog in signal handler
151297 - CAN-2005-0469 slc_add_reply() Buffer Overflow Vulnerability
151301 - CAN-2005-0468 env_opt_add() Buffer Overflow Vulnerability

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/telnet-0.17-20.EL2.3.src.rpm
417f308264da21ba52f490671078437d  telnet-0.17-20.EL2.3.src.rpm

i386:
9844ce440580371e21adb6e240f7ef32  telnet-0.17-20.EL2.3.i386.rpm
6a8a735c26c81c10fd03d25ed001c89c  telnet-server-0.17-20.EL2.3.i386.rpm

ia64:
17e5e124770f7772cf0d4c4e24650b87  telnet-0.17-20.EL2.3.ia64.rpm
94149177b916123e92c80bf5412112fc  telnet-server-0.17-20.EL2.3.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/telnet-0.17-20.EL2.3.src.rpm
417f308264da21ba52f490671078437d  telnet-0.17-20.EL2.3.src.rpm

ia64:
17e5e124770f7772cf0d4c4e24650b87  telnet-0.17-20.EL2.3.ia64.rpm
94149177b916123e92c80bf5412112fc  telnet-server-0.17-20.EL2.3.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/telnet-0.17-20.EL2.3.src.rpm
417f308264da21ba52f490671078437d  telnet-0.17-20.EL2.3.src.rpm

i386:
9844ce440580371e21adb6e240f7ef32  telnet-0.17-20.EL2.3.i386.rpm
6a8a735c26c81c10fd03d25ed001c89c  telnet-server-0.17-20.EL2.3.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/telnet-0.17-20.EL2.3.src.rpm
417f308264da21ba52f490671078437d  telnet-0.17-20.EL2.3.src.rpm

i386:
9844ce440580371e21adb6e240f7ef32  telnet-0.17-20.EL2.3.i386.rpm
6a8a735c26c81c10fd03d25ed001c89c  telnet-server-0.17-20.EL2.3.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/telnet-0.17-26.EL3.2.src.rpm
9d246538ceb4ea06807737bf487bf29d  telnet-0.17-26.EL3.2.src.rpm

i386:
a1edb03210ac63b30f6332a2e4227dc9  telnet-0.17-26.EL3.2.i386.rpm
6eea6c08ea68f1ea8a177c63016e9935  telnet-server-0.17-26.EL3.2.i386.rpm

ia64:
540dfa1463fb15b035371cb8815c8003  telnet-0.17-26.EL3.2.ia64.rpm
cf5ea891b305e4e150b31f012e5bd0b7  telnet-server-0.17-26.EL3.2.ia64.rpm

ppc:
004cd42520a5052fbbf6f150ebec5308  telnet-0.17-26.EL3.2.ppc.rpm
5246c393f0b38a64a47efc8b091d3cc3  telnet-server-0.17-26.EL3.2.ppc.rpm

s390:
feb70dd0f45a9e08d5d49fcb773924f2  telnet-0.17-26.EL3.2.s390.rpm
9290204b8e84f96b024ffe98da834174  telnet-server-0.17-26.EL3.2.s390.rpm

s390x:
8d7419651888f9943e82918b73c84b09  telnet-0.17-26.EL3.2.s390x.rpm
6dc6d17c2086c6756a74e9e48552b634  telnet-server-0.17-26.EL3.2.s390x.rpm

x86_64:
7d226b52aae9119e23645d3243bd821c  telnet-0.17-26.EL3.2.x86_64.rpm
d48f86ee42581c351d565aa78d373204  telnet-server-0.17-26.EL3.2.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/telnet-0.17-26.EL3.2.src.rpm
9d246538ceb4ea06807737bf487bf29d  telnet-0.17-26.EL3.2.src.rpm

i386:
a1edb03210ac63b30f6332a2e4227dc9  telnet-0.17-26.EL3.2.i386.rpm
6eea6c08ea68f1ea8a177c63016e9935  telnet-server-0.17-26.EL3.2.i386.rpm

x86_64:
7d226b52aae9119e23645d3243bd821c  telnet-0.17-26.EL3.2.x86_64.rpm
d48f86ee42581c351d565aa78d373204  telnet-server-0.17-26.EL3.2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/telnet-0.17-26.EL3.2.src.rpm
9d246538ceb4ea06807737bf487bf29d  telnet-0.17-26.EL3.2.src.rpm

i386:
a1edb03210ac63b30f6332a2e4227dc9  telnet-0.17-26.EL3.2.i386.rpm
6eea6c08ea68f1ea8a177c63016e9935  telnet-server-0.17-26.EL3.2.i386.rpm

ia64:
540dfa1463fb15b035371cb8815c8003  telnet-0.17-26.EL3.2.ia64.rpm
cf5ea891b305e4e150b31f012e5bd0b7  telnet-server-0.17-26.EL3.2.ia64.rpm

x86_64:
7d226b52aae9119e23645d3243bd821c  telnet-0.17-26.EL3.2.x86_64.rpm
d48f86ee42581c351d565aa78d373204  telnet-server-0.17-26.EL3.2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/telnet-0.17-26.EL3.2.src.rpm
9d246538ceb4ea06807737bf487bf29d  telnet-0.17-26.EL3.2.src.rpm

i386:
a1edb03210ac63b30f6332a2e4227dc9  telnet-0.17-26.EL3.2.i386.rpm
6eea6c08ea68f1ea8a177c63016e9935  telnet-server-0.17-26.EL3.2.i386.rpm

ia64:
540dfa1463fb15b035371cb8815c8003  telnet-0.17-26.EL3.2.ia64.rpm
cf5ea891b305e4e150b31f012e5bd0b7  telnet-server-0.17-26.EL3.2.ia64.rpm

x86_64:
7d226b52aae9119e23645d3243bd821c  telnet-0.17-26.EL3.2.x86_64.rpm
d48f86ee42581c351d565aa78d373204  telnet-server-0.17-26.EL3.2.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/telnet-0.17-31.EL4.2.src.rpm
a3faf4a95d925197b7ec88861a272f68  telnet-0.17-31.EL4.2.src.rpm

i386:
c03d8fbd5c1a1dfd334263e034626bef  telnet-0.17-31.EL4.2.i386.rpm
095477b3fd6797a4dcb71eaa6fe40fb9  telnet-server-0.17-31.EL4.2.i386.rpm

ia64:
c1eaa58f26e47c3c8370ff2189b78b81  telnet-0.17-31.EL4.2.ia64.rpm
3e47cc360ea07b28c16da6fdfb88c39e  telnet-server-0.17-31.EL4.2.ia64.rpm

ppc:
22fc96070dc40b3686d23b62f213069c  telnet-0.17-31.EL4.2.ppc.rpm
53e773d2752608b0414a8fd0e449c694  telnet-server-0.17-31.EL4.2.ppc.rpm

s390:
8336b046ae91cc296a949ce840858489  telnet-0.17-31.EL4.2.s390.rpm
62fa5b57339984f7903c8c6828cf3907  telnet-server-0.17-31.EL4.2.s390.rpm

s390x:
a9687c4c60aa7ce447b322ad15e491e1  telnet-0.17-31.EL4.2.s390x.rpm
624150f3b2bb179af14f89333549baf8  telnet-server-0.17-31.EL4.2.s390x.rpm

x86_64:
ba9038dbfdedbf0d064c6b2be18f10e4  telnet-0.17-31.EL4.2.x86_64.rpm
42fc60c48cacc2d40798fc33681bfcd2  telnet-server-0.17-31.EL4.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/telnet-0.17-31.EL4.2.src.rpm
a3faf4a95d925197b7ec88861a272f68  telnet-0.17-31.EL4.2.src.rpm

i386:
c03d8fbd5c1a1dfd334263e034626bef  telnet-0.17-31.EL4.2.i386.rpm
095477b3fd6797a4dcb71eaa6fe40fb9  telnet-server-0.17-31.EL4.2.i386.rpm

x86_64:
ba9038dbfdedbf0d064c6b2be18f10e4  telnet-0.17-31.EL4.2.x86_64.rpm
42fc60c48cacc2d40798fc33681bfcd2  telnet-server-0.17-31.EL4.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/telnet-0.17-31.EL4.2.src.rpm
a3faf4a95d925197b7ec88861a272f68  telnet-0.17-31.EL4.2.src.rpm

i386:
c03d8fbd5c1a1dfd334263e034626bef  telnet-0.17-31.EL4.2.i386.rpm
095477b3fd6797a4dcb71eaa6fe40fb9  telnet-server-0.17-31.EL4.2.i386.rpm

ia64:
c1eaa58f26e47c3c8370ff2189b78b81  telnet-0.17-31.EL4.2.ia64.rpm
3e47cc360ea07b28c16da6fdfb88c39e  telnet-server-0.17-31.EL4.2.ia64.rpm

x86_64:
ba9038dbfdedbf0d064c6b2be18f10e4  telnet-0.17-31.EL4.2.x86_64.rpm
42fc60c48cacc2d40798fc33681bfcd2  telnet-server-0.17-31.EL4.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/telnet-0.17-31.EL4.2.src.rpm
a3faf4a95d925197b7ec88861a272f68  telnet-0.17-31.EL4.2.src.rpm

i386:
c03d8fbd5c1a1dfd334263e034626bef  telnet-0.17-31.EL4.2.i386.rpm
095477b3fd6797a4dcb71eaa6fe40fb9  telnet-server-0.17-31.EL4.2.i386.rpm

ia64:
c1eaa58f26e47c3c8370ff2189b78b81  telnet-0.17-31.EL4.2.ia64.rpm
3e47cc360ea07b28c16da6fdfb88c39e  telnet-server-0.17-31.EL4.2.ia64.rpm

x86_64:
ba9038dbfdedbf0d064c6b2be18f10e4  telnet-0.17-31.EL4.2.x86_64.rpm
42fc60c48cacc2d40798fc33681bfcd2  telnet-server-0.17-31.EL4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Anti-surveillance advocates want you to run an open, secure WiFi router
Attackers raid SWISS BANKS with DNS and malware bombs
A Convicted Hacker and an Internet Icon Join Forces to Thwart NSA Spying
Black Hat presentation on TOR suddenly cancelled
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.