Published: 11/07/2019 Updated: 10/10/2019
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client ? accessible from the CLI or shell ? in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions before 12.3R12-S13; 12.3X48 versions before 12.3X48-D80; 14.1X53 versions before 14.1X53-D130, 14.1X53-D49; 15.1 versions before 15.1F6-S12, 15.1R7-S4; 15.1X49 versions before 15.1X49-D170; 15.1X53 versions before 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions before 16.1R3-S11, 16.1R7-S4; 16.2 versions before 16.2R2-S9; 17.1 versions before 17.1R3; 17.2 versions before 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions before 17.3R3-S4; 17.4 versions before 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions before 18.1R2-S4, 18.1R3-S3; 18.2 versions before 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions before 18.2X75-D40; 18.3 versions before 18.3R1-S3, 18.3R2; 18.4 versions before 18.4R1-S2, 18.4R2.

Vulnerability Trend

Affected Products

Vendor Product Versions
JuniperJunos12.3, 12.3r12, 12.3x48, 14.1x53, 15.1, 15.1x49, 15.1x53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.2x75, 18.3, 18.4

Vendor Advisories

Debian Bug report logs - #945861 inetutils: CVE-2019-0053 Package: src:inetutils; Maintainer for src:inetutils is Guillem Jover <guillem@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 29 Nov 2019 23:33:02 UTC Severity: normal Tags: security, upstream Found in versions inetutils/2:194 ...
inetutils <= 197 contains a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices A stack-based overflow is present in the handling of environment variables when connecting telnetc to remote telnet servers through oversized DISPLAY arguments ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:12telnet Security Advisory The FreeBSD Project Topic: telnet(1) client multiple vulnerabilities Categor ...

Github Repositories