7.5

CVE-2005-0468

Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NcsaTelnet Versionc
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 27.07% 0.978
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc
Vendor Advisory
ftp://patches.sgi.com/support/free/security/advisories/20050405-01-P
Patch
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000962
http://secunia.com/advisories/14745
http://secunia.com/advisories/17899
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101665-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101671-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-001-telnet.txt
Patch
Vendor Advisory
http://www.debian.de/security/2005/dsa-731
http://www.debian.org/security/2005/dsa-703
Patch
Vendor Advisory
http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities
Vendor Advisory
http://www.kb.cert.org/vuls/id/341908
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2005:061
http://www.redhat.com/support/errata/RHSA-2005-327.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-330.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/12919
http://www.ubuntulinux.org/usn/usn-224-1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9640