10

CVE-2001-0554

Exploit
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MitKerberos Version1.0
MitKerberos 5 Version1.1
MitKerberos 5 Version1.1.1
MitKerberos 5 Version1.2
MitKerberos 5 Version1.2.1
MitKerberos 5 Version1.2.2
NetkitLinux Netkit Version0.10
NetkitLinux Netkit Version0.11
NetkitLinux Netkit Version0.12
SgiIrix Version6.5
FreebsdFreebsd Version2.0
FreebsdFreebsd Version2.0.1
FreebsdFreebsd Version2.0.5
FreebsdFreebsd Version2.1 Updatestable
FreebsdFreebsd Version2.1.0
FreebsdFreebsd Version2.1.5
FreebsdFreebsd Version2.1.6
FreebsdFreebsd Version2.1.6.1
FreebsdFreebsd Version2.1.7
FreebsdFreebsd Version2.1.7.1
FreebsdFreebsd Version2.2
FreebsdFreebsd Version2.2 Updatecurrent
FreebsdFreebsd Version2.2.1
FreebsdFreebsd Version2.2.2
FreebsdFreebsd Version2.2.3
FreebsdFreebsd Version2.2.4
FreebsdFreebsd Version2.2.5
FreebsdFreebsd Version2.2.6
FreebsdFreebsd Version2.2.7
FreebsdFreebsd Version2.2.8
FreebsdFreebsd Version3.0
FreebsdFreebsd Version3.0 Updatereleng
FreebsdFreebsd Version3.1
FreebsdFreebsd Version3.2
FreebsdFreebsd Version3.3
FreebsdFreebsd Version3.4
FreebsdFreebsd Version3.5
FreebsdFreebsd Version3.5 Updatestable
FreebsdFreebsd Version3.5.1
FreebsdFreebsd Version3.5.1 Updaterelease
FreebsdFreebsd Version3.5.1 Updatestable
FreebsdFreebsd Version4.0
FreebsdFreebsd Version4.0 Updatealpha
FreebsdFreebsd Version4.0 Updatereleng
FreebsdFreebsd Version4.1
FreebsdFreebsd Version4.1.1
FreebsdFreebsd Version4.2
FreebsdFreebsd Version4.3
IbmAix Version4.3
IbmAix Version4.3.1
IbmAix Version4.3.2
IbmAix Version4.3.3
IbmAix Version5.1
NetbsdNetbsd Version1.0
NetbsdNetbsd Version1.1
NetbsdNetbsd Version1.2
NetbsdNetbsd Version1.2.1
NetbsdNetbsd Version1.3
NetbsdNetbsd Version1.3.1
NetbsdNetbsd Version1.3.2
NetbsdNetbsd Version1.3.3
NetbsdNetbsd Version1.4
NetbsdNetbsd Version1.4.1
NetbsdNetbsd Version1.4.2
NetbsdNetbsd Version1.4.3
NetbsdNetbsd Version1.5
NetbsdNetbsd Version1.5.1
OpenbsdOpenbsd Version2.0
OpenbsdOpenbsd Version2.1
OpenbsdOpenbsd Version2.2
OpenbsdOpenbsd Version2.3
OpenbsdOpenbsd Version2.4
OpenbsdOpenbsd Version2.5
OpenbsdOpenbsd Version2.6
OpenbsdOpenbsd Version2.7
OpenbsdOpenbsd Version2.8
SunSolaris Version2.6
SunSunos Version5.0
SunSunos Version5.1
SunSunos Version5.2
SunSunos Version5.3
SunSunos Version5.4
SunSunos Version5.5
SunSunos Version5.5.1
SunSunos Version5.7
SunSunos Version5.8
DebianDebian Linux Version2.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 37.9% 0.984
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc
Patch
Vendor Advisory
Broken Link
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc
Broken Link
ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P
Broken Link
ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt
Broken Link
http://archives.neohapsis.com/archives/hp/2001-q4/0014.html
Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000413
Broken Link
http://ftp.support.compaq.com/patches/.new/html/SSRT0745U.shtml
Broken Link
http://online.securityfocus.com/advisories/3476
Third Party Advisory
Broken Link
VDB Entry
http://online.securityfocus.com/archive/1/199496
Third Party Advisory
Broken Link
VDB Entry
http://online.securityfocus.com/archive/1/199541
Third Party Advisory
Broken Link
VDB Entry
http://online.securityfocus.com/archive/1/203000
Third Party Advisory
Broken Link
VDB Entry
http://www.calderasystems.com/support/security/advisories/CSSA-2001-030.0.txt
Broken Link
http://www.cert.org/advisories/CA-2001-21.html
Patch
Third Party Advisory
US Government Resource
http://www.ciac.org/ciac/bulletins/l-131.shtml
Broken Link
http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml
Third Party Advisory
http://www.debian.org/security/2001/dsa-070
Third Party Advisory
http://www.debian.org/security/2001/dsa-075
Third Party Advisory
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-068.php3
Broken Link
http://www.novell.com/linux/security/advisories/2001_029_nkitb_txt.html
Broken Link
http://www.osvdb.org/809
Broken Link
http://www.redhat.com/support/errata/RHSA-2001-099.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2001-100.html
Third Party Advisory
http://www.securityfocus.com/archive/1/197804
Third Party Advisory
Vendor Advisory
Exploit
VDB Entry
http://www.securityfocus.com/bid/3064
Patch
Third Party Advisory
Vendor Advisory
Exploit
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/6875
Third Party Advisory
VDB Entry