CVE-2001-0554

Published: 14/08/2001 Updated: 21/01/2022
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote malicious users to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

Vulnerable Product

netkit linux netkit 0.10

netkit linux netkit 0.11

mit kerberos 1.0

netkit linux netkit 0.12

sgi irix 6.5

mit kerberos 5 1.2

mit kerberos 5 1.2.1

mit kerberos 5 1.2.2

mit kerberos 5 1.1

mit kerberos 5 1.1.1

freebsd freebsd 2.0

freebsd freebsd 2.0.1

freebsd freebsd 2.0.5

freebsd freebsd 2.1

freebsd freebsd 2.1.0

freebsd freebsd 2.1.5

freebsd freebsd 2.1.6

freebsd freebsd 2.1.6.1

freebsd freebsd 2.1.7

freebsd freebsd 2.1.7.1

freebsd freebsd 2.2

freebsd freebsd 2.2.1

freebsd freebsd 2.2.2

freebsd freebsd 2.2.3

freebsd freebsd 2.2.4

freebsd freebsd 2.2.5

freebsd freebsd 2.2.6

freebsd freebsd 2.2.7

freebsd freebsd 2.2.8

freebsd freebsd 3.0

freebsd freebsd 3.1

freebsd freebsd 3.2

freebsd freebsd 3.3

freebsd freebsd 3.4

freebsd freebsd 3.5

freebsd freebsd 3.5.1

freebsd freebsd 4.0

freebsd freebsd 4.1

freebsd freebsd 4.1.1

freebsd freebsd 4.2

freebsd freebsd 4.3

ibm aix 4.3

ibm aix 4.3.1

ibm aix 4.3.2

ibm aix 4.3.3

ibm aix 5.1

netbsd netbsd 1.0

netbsd netbsd 1.1

netbsd netbsd 1.2

netbsd netbsd 1.2.1

netbsd netbsd 1.3

netbsd netbsd 1.3.1

netbsd netbsd 1.3.2

netbsd netbsd 1.3.3

netbsd netbsd 1.4

netbsd netbsd 1.4.1

netbsd netbsd 1.4.2

netbsd netbsd 1.4.3

netbsd netbsd 1.5

netbsd netbsd 1.5.1

openbsd openbsd 2.0

openbsd openbsd 2.1

openbsd openbsd 2.2

openbsd openbsd 2.3

openbsd openbsd 2.4

openbsd openbsd 2.5

openbsd openbsd 2.6

openbsd openbsd 2.7

openbsd openbsd 2.8

sun solaris 2.6

sun sunos 5.0

sun sunos 5.1

sun sunos 5.2

sun sunos 5.3

sun sunos 5.4

sun sunos 5.5

sun sunos 5.5.1

sun sunos 5.7

sun sunos 5.8

debian debian linux 2.2

Vendor Advisories

The telnet daemon contained in the netkit-telnet-ssl_0.16.3-1 package in the 'stable' (potato) distribution of Debian GNU/Linux is vulnerable to an exploitable overflow in its output handling. The original bug was found by <scut@nb.in-berlin.de>, and announced to bugtraq on Jul 18 2001. At that time, netkit-telnet versions after 0.14 were not ...

The Cisco VPN 3000 series concentrators are a family of purpose-built, remote access Virtual Private Network (VPN) platforms for data encryption and authentication. This advisory documents multiple vulnerabilities for the Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client. These vulnerabilities are documented as Cisc ...

Some Cisco Catalyst switches, running certain CatOS based software releases, have a vulnerability wherein a buffer overflow in the Telnet option handling can cause the Telnet daemon to crash and result in a switch reload. This vulnerability can be exploited to initiate a denial of service (DoS) attack. This vulnerability is documented a ...

Exploits

source: www.securityfocus.com/bid/3064/info

A boundary condition error exists in telnet daemons derived from the BSD telnet daemon. Under certain circumstances, the buffer overflow can occur when a combination of telnet protocol options are received by the daemon. The function responsible for processing the options prepares a response with ...

References

CWE-120

http://www.securityfocus.com/archive/1/197804

http://www.cert.org/advisories/CA-2001-21.html

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc

http://www.securityfocus.com/bid/3064

http://online.securityfocus.com/archive/1/199496

http://online.securityfocus.com/archive/1/203000

http://online.securityfocus.com/archive/1/199541

http://www.ciac.org/ciac/bulletins/l-131.shtml

http://www.calderasystems.com/support/security/advisories/CSSA-2001-030.0.txt

ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt

http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml

http://ftp.support.compaq.com/patches/.new/html/SSRT0745U.shtml

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000413

http://www.debian.org/security/2001/dsa-070

http://www.debian.org/security/2001/dsa-075

http://archives.neohapsis.com/archives/hp/2001-q4/0014.html

http://online.securityfocus.com/advisories/3476

http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-068.php3

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc

ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P

http://www.redhat.com/support/errata/RHSA-2001-099.html

http://www.redhat.com/support/errata/RHSA-2001-100.html

http://www.novell.com/linux/security/advisories/2001_029_nkitb_txt.html

http://www.osvdb.org/809

https://exchange.xforce.ibmcloud.com/vulnerabilities/6875

https://nvd.nist.gov

https://www.debian.org/security/./dsa-075

https://www.exploit-db.com/exploits/21018/

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20020903-vpn3k-vulnerability

https://www.kb.cert.org/vuls/id/745371