You are here: silicon.com > Resources > White Papers > Security > Intrusion - Tampering > Network Security

Network Security White Papers

CERT® Advisory CA-2001-21 Buffer Overflow in telnetd

Overview The telnetd program is a server for the Telnet remote virtual terminal protocol. There is a remotely exploitable buffer overflow in Telnet daemons derived from BSD source code. This vulnerability can crash the server, or be leveraged to gain root access.

I. Description

There is a remotely exploitable buffer overflow in Telnet daemons derived from BSD source code. During the processing of the Telnet protocol options, the results of the "telrcv" function are stored in a fixed-size buffer. It is assumed that the results are smaller than the buffer and no bounds checking is performed.

The vulnerability was discovered by TESO. An exploit for this vulnerability has been publicly released; internal testing at CERT/CC confirms this exploit works against at least one target system. For more information, see http://www.team-teso.net/advisories/teso-advisory-011.tar.gz.

This vulnerability has been assigned the identifier CAN-2001-0554 by the Common Vulnerabilities and Exposures (CVE) group.

Further White Paper Details
Publisher	CERT Coordination Center	File Format	HTML
Date Published	July 2001
Format	White Papers
Topics	Network Security

Did you find this white paper useful?

Balancing Security Against Productivity

Publisher:
Novell

Security: New strides in preventing intrusions.

Publisher:
IBM

Novell Zenworks Endpoint Security Management: Total Control from a Single Console

Publisher:
Novell

Secure Desktop On-Demand Webcast

Publisher:
Novell

DTW - DODIIS Trusted Workstation: Intelligence Paradigm for the 21st Century

Publisher:
Sun Microsystems

Oracle issues security warnings

Either of these issues is exploitable and could result in damage if exploited. The second flaw, a buffer overflow, could lead a component of the suite to crash and potentially allow an attacker to run code on the system.

Channel:
Security Strategy

Windows 2000 open to attack

The IE vulnerabilities could allow malicious attackers to launch a remote buffer overflow attack should users click on a malicious website link. As part of company policy, it does not release technical details of the vulnerabilities it finds until...

Beware Firefox buffer-overflow flaw, says Ferris

We are still determining whether it is exploitable in an attack. The security vulnerability is a buffer overflow flaw that "allows for an attacker to remotely execute arbitrary code" on a vulnerable PC, Ferris said.

OpenOffice patches trio of holes

A buffer overflow vulnerability has also been discovered, by Wade Alcorn of NGSSoftware. There are no workarounds for the macro and buffer overflow vulnerabilities. The buffer overflow can cause a memory overload and program crash which enables a...

Warning over "critical" QuickTime hole

An attacker could create a special RTSP string in a rigged QuickTime file that would cause a buffer overflow, according to the advisory. The vulnerability affects QuickTime 7.1.3, the latest version of the media player software released in...

Apple patches QuickTime flaw at last

According to the Apple alert: "A buffer overflow exists in QuickTime's handling of RTSP URLs. By enticing a user to access a maliciously crafted RTSP URL, an attacker can trigger the buffer overflow, which may lead to arbitrary code execution.

Live Webcast: Telecoms 2.0 - Where is telecoms heading?

In this webcast, our panel of experts will review where we are with next generation telecoms in the UK, working through the concept of 'Telecoms 2.0': - Realising the potential of Next Generation Networks - why it isn't just about the technology? - What attributes should firms be looking for in their telco partner? - Is the relationship between telco provider and customer changing? - What things need to happen to make next generation services a reality? - You say you want the supplier to change. Do you want to change too? - What is Telecoms 2.0?

Publisher:
ZDNet UK

Telecom 2.0: Mind over matter

ntl:Telewest Business believes that the role of the telco is evolving. Gone are the days when it was enough to simply focus on circuits and minutes, customers now need a far higher degree of interaction and look for suppliers who will talk business solutions with them.

Publisher:
ntl:Telewest Business

IBM Information Server Change Data Capture

In today's fast-paced world, access to real-time data has never been more important. To be successful, organizations need to be able to report and analyze corporate data quickly and easily, regardless of what applications created the data, what platform they're running on, or what database they're stored in.

Publisher:
IBM

An examination of server consolidation: the trends that can drive efficiencies and help businesses gain a competitive edge

This white paper provides a starting point for organizations contemplating server consolidation. It includes an overview of server consolidation concepts and techniques and provides guidance on methodologies. It also looks at the potential cost savings associated with server consolidation and offers information on how organizations can sustain the advantage they have gained by consolidating their servers.

Publisher:
IBM

Also on silicon.com

Site Navigation:

Network Security White Papers

CERT® Advisory CA-2001-21 Buffer Overflow in telnetd

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific