Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freebsd | freebsd | 4.3 |
| freebsd | freebsd | 2.2.5 |
| sun | sunos | 5.7 |
| netbsd | netbsd | 1.2.1 |
| ibm | aix | 4.3.2 |
| freebsd | freebsd | 4.0 |
| netbsd | netbsd | 1.1 |
| sun | sunos | 5.2 |
| netbsd | netbsd | 1.4.2 |
| freebsd | freebsd | 2.2.8 |
| ibm | aix | 5.1 |
| sun | sunos | 5.4 |
| freebsd | freebsd | 2.2.1 |
| freebsd | freebsd | 2.1.5 |
| sun | sunos | 5.0 |
| openbsd | openbsd | 2.0 |
| openbsd | openbsd | 2.3 |
| freebsd | freebsd | 3.2 |
| freebsd | freebsd | 2.1.6.1 |
| freebsd | freebsd | 2.2.4 |
| sun | sunos | 5.1 |
| sun | solaris | 2.6 |
| freebsd | freebsd | 2.2.3 |
| freebsd | freebsd | 2.1.7.1 |
| freebsd | freebsd | 4.1.1 |
| netkit | linux_netkit | 0.10 |
| netkit | linux_netkit | 0.11 |
| netbsd | netbsd | 1.4 |
| mit | kerberos_5 | 1.1 |
| openbsd | openbsd | 2.7 |
| netbsd | netbsd | 1.0 |
| netbsd | netbsd | 1.3 |
| freebsd | freebsd | 4.2 |
| openbsd | openbsd | 2.2 |
| sun | sunos | 5.5.1 |
| netbsd | netbsd | 1.5.1 |
| freebsd | freebsd | 3.1 |
| mit | kerberos_5 | 1.2 |
| freebsd | freebsd | 3.5.1 |
| sun | sunos | 5.3 |
| sun | sunos | 5.8 |
| ibm | aix | 4.3 |
| netbsd | netbsd | 1.2 |
| openbsd | openbsd | 2.1 |
| netkit | linux_netkit | 0.12 |
| sun | sunos | 5.5 |
| freebsd | freebsd | 2.0.1 |
| freebsd | freebsd | 2.1.7 |
| openbsd | openbsd | 2.6 |
| mit | kerberos_5 | 1.2.1 |
| netbsd | netbsd | 1.3.2 |
| mit | kerberos_5 | 1.1.1 |
| freebsd | freebsd | 3.3 |
| freebsd | freebsd | 2.2 |
| freebsd | freebsd | 2.2.7 |
| netbsd | netbsd | 1.3.1 |
| freebsd | freebsd | 3.0 |
| debian | debian_linux | 2.2 |
| netbsd | netbsd | 1.4.1 |
| freebsd | freebsd | 2.2.6 |
| freebsd | freebsd | 2.0 |
| mit | kerberos | 1.0 |
| mit | kerberos_5 | 1.2.2 |
| freebsd | freebsd | 3.4 |
| freebsd | freebsd | 2.1.0 |
| netbsd | netbsd | 1.3.3 |
| openbsd | openbsd | 2.5 |
| ibm | aix | 4.3.1 |
| netbsd | netbsd | 1.5 |
| freebsd | freebsd | 3.5 |
| openbsd | openbsd | 2.8 |
| freebsd | freebsd | 2.1.6 |
| sgi | irix | 6.5 |
| freebsd | freebsd | 2.1 |
| ibm | aix | 4.3.3 |
| freebsd | freebsd | 2.0.5 |
| openbsd | openbsd | 2.4 |
| freebsd | freebsd | 4.1 |
| netbsd | netbsd | 1.4.3 |
| freebsd | freebsd | 2.2.2 |
Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ssltelnetd | secure_telnet | 0.13.1 |
| netkit | linux_netkit | 0.17 |
| netkit | linux_netkit | 0.17.17 |
Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.5.4 |
| linux | linux_kernel | 2.5.23 |
| linux | linux_kernel | 2.0.9.9 |
| linux | linux_kernel | 2.5.45 |
| linux | linux_kernel | 2.3.99 |
| linux | linux_kernel | 2.4.18 |
| linux | linux_kernel | 2.6.20.1 |
| linux | linux_kernel | 2.4.30 |
| linux | linux_kernel | 2.2.24 |
| linux | linux_kernel | 2.5.68 |
| linux | linux_kernel | 2.2.13 |
| linux | linux_kernel | 2.5.16 |
| linux | linux_kernel | 2.4.7 |
| linux | linux_kernel | 2.4.29 |
| linux | linux_kernel | 2.4.15 |
| linux | linux_kernel | 2.0.28 |
| linux | linux_kernel | 2.2.6 |
| linux | linux_kernel | 2.5.2 |
| linux | linux_kernel | 2.0.27 |
| linux | linux_kernel | 2.2.9 |
| linux | linux_kernel | 2.5.62 |
| linux | linux_kernel | 2.0.18 |
| linux | linux_kernel | 2.2.25 |
| linux | linux_kernel | 2.5.47 |
| linux | linux_kernel | 2.2.11 |
| linux | linux_kernel | 2.5.7 |
| linux | linux_kernel | 2.4.4 |
| linux | linux_kernel | 2.0.10 |
| linux | linux_kernel | 2.5.11 |
| linux | linux_kernel | 2.5.61 |
| linux | linux_kernel | 2.6.8 |
| linux | linux_kernel | 2.5.9 |
| linux | linux_kernel | 2.0.20 |
| linux | linux_kernel | 2.4.23_ow2 |
| linux | linux_kernel | 2.2.12 |
| linux | linux_kernel | 2.2.23 |
| linux | linux_kernel | 2.5.48 |
| linux | linux_kernel | 2.6.7 |
| linux | linux_kernel | 2.0.36 |
| linux | linux_kernel | 2.5.36 |
| linux | linux_kernel | 2.6.11.5 |
| linux | linux_kernel | 2.4.10 |
| linux | linux_kernel | 2.5.66 |
| linux | linux_kernel | 2.5.22 |
| linux | linux_kernel | 2.0.16 |
| linux | linux_kernel | 2.0.19 |
| linux | linux_kernel | 2.5.25 |
| linux | linux_kernel | 2.5.10 |
| linux | linux_kernel | 2.4.22 |
| linux | linux_kernel | 2.3.0 |
| linux | linux_kernel | 2.5.59 |
| vserver | linux-vserver | 1.22 |
| linux | linux_kernel | 2.2.8 |
| linux | linux_kernel | 2.0.21 |
| linux | linux_kernel | 2.2.19 |
| linux | linux_kernel | 2.5.19 |
| linux | linux_kernel | 2.6_test9_cvs |
| linux | linux_kernel | 2.4.24_ow1 |
| linux | linux_kernel | 2.2.17 |
| linux | linux_kernel | 2.2.15 |
| linux | linux_kernel | 2.5.41 |
| linux | linux_kernel | 2.6.11 |
| linux | linux_kernel | 2.0.26 |
| linux | linux_kernel | 2.5.52 |
| linux | linux_kernel | 2.4.11 |
| linux | linux_kernel | 2.5.29 |
| linux | linux_kernel | 2.4.25 |
| linux | linux_kernel | 2.5.24 |
| linux | linux_kernel | 2.4.6 |
| linux | linux_kernel | 2.0.13 |
| linux | linux_kernel | 2.0.17 |
| linux | linux_kernel | 2.5.53 |
| linux | linux_kernel | 2.5.51 |
| linux | linux_kernel | 2.4.3 |
| linux | linux_kernel | 2.4.1 |
| linux | linux_kernel | 2.4.17 |
| linux | linux_kernel | 2.6.1 |
| linux | linux_kernel | 2.5.3 |
| linux | linux_kernel | 2.5.17 |
| linux | linux_kernel | 2.0.14 |
| linux | linux_kernel | 2.5.60 |
| linux | linux_kernel | 2.2.10 |
| linux | linux_kernel | 2.4.14 |
| linux | linux_kernel | 2.5.38 |
| linux | linux_kernel | 2.5.44 |
| linux | linux_kernel | 2.0.4 |
| linux | linux_kernel | 2.2.18 |
| linux | linux_kernel | 2.5.69 |
| linux | linux_kernel | 2.0.29 |
| linux | linux_kernel | 2.5.26 |
| linux | linux_kernel | 2.5.0 |
| linux | linux_kernel | 2.5.8 |
| linux | linux_kernel | 2.5.28 |
| linux | linux_kernel | 2.5.42 |
| linux | linux_kernel | 2.0.8 |
| linux | linux_kernel | 2.5.18 |
| linux | linux_kernel | 2.2.3 |
| linux | linux_kernel | 2.6.3 |
| linux | linux_kernel | 2.4.19 |
| linux | linux_kernel | 2.5.13 |
| linux | linux_kernel | 2.0.32 |
| linux | linux_kernel | 2.6.6 |
| linux | linux_kernel | 2.5.43 |
| linux | linux_kernel | 2.0.35 |
| linux | linux_kernel | 2.4.23 |
| linux | linux_kernel | 2.0.30 |
| linux | linux_kernel | 2.4.16 |
| linux | linux_kernel | 2.2.22 |
| linux | linux_kernel | 2.5.56 |
| linux | linux_kernel | 2.2.7 |
| netkit | linux_netkit | 0.17 |
| linux | linux_kernel | 2.0.7 |
| linux | linux_kernel | 2.0.22 |
| linux | linux_kernel | 2.6.11.4 |
| linux | linux_kernel | 2.5.5 |
| vserver | linux-vserver | 1.23 |
| linux | linux_kernel | 2.0.11 |
| linux | linux_kernel | 2.5.50 |
| linux | linux_kernel | 2.5.39 |
| linux | linux_kernel | 2.2.15_pre20 |
| linux | linux_kernel | 2.4.28 |
| linux | linux_kernel | 2.5.57 |
| vserver | linux-vserver | 1.20 |
| linux | linux_kernel | 2.2.0 |
| linux | linux_kernel | 2.6.12 |
| linux | linux_kernel | 2.5.15 |
| linux | linux_kernel | 2.0.39 |
| linux | linux_kernel | 2.5.58 |
| linux | linux_kernel | 2.2.16 |
| linux | linux_kernel | 2.5.32 |
| linux | linux_kernel | 2.0.3 |
| linux | linux_kernel | 2.4.20 |
| linux | linux_kernel | 2.5.54 |
| linux | linux_kernel | 2.5.40 |
| linux | linux_kernel | 2.0.12 |
| linux | linux_kernel | 2.2.5 |
| linux | linux_kernel | 2.5.34 |
| linux | linux_kernel | 2.6.10 |
| linux | linux_kernel | 2.5.64 |
| linux | linux_kernel | 2.1 |
| linux | linux_kernel | 2.5.30 |
| linux | linux_kernel | 2.5.46 |
| linux | linux_kernel | 2.5.31 |
| linux | linux_kernel | 2.5.12 |
| linux | linux_kernel | 2.0.24 |
| linux | linux_kernel | 2.0.25 |
| linux | linux_kernel | 2.5.67 |
| linux | linux_kernel | 2.2.1 |
| linux | linux_kernel | 2.0.38 |
| linux | linux_kernel | 2.5.33 |
| linux | linux_kernel | 2.0.23 |
| linux | linux_kernel | 2.4.21 |
| linux | linux_kernel | 2.5.37 |
| vserver | linux-vserver | 1.24 |
| linux | linux_kernel | 2.6.11.1 |
| linux | linux_kernel | 2.6.11.8 |
| linux | linux_kernel | 2.4.12 |
| linux | linux_kernel | 2.2.14 |
| linux | linux_kernel | 2.5.6 |
| linux | linux_kernel | 2.4.2 |
| linux | linux_kernel | 2.0.5 |
| linux | linux_kernel | 2.6.11.7 |
| linux | linux_kernel | 2.5.65 |
| linux | linux_kernel | 2.4.26 |
| linux | linux_kernel | 2.0.37 |
| linux | linux_kernel | 2.5.21 |
| linux | linux_kernel | 2.5.35 |
| netkit | linux_netkit | 0.17.17 |
| linux | linux_kernel | 2.5.63 |
| linux | linux_kernel | 2.4.13 |
| linux | linux_kernel | 2.6.11.2 |
| linux | linux_kernel | 2.2.21 |
| linux | linux_kernel | 2.0 |
| linux | linux_kernel | 2.4.5 |
| linux | linux_kernel | 2.0.33 |
| vserver | linux-vserver | 1.21 |
| linux | linux_kernel | 2.6.0 |
| linux | linux_kernel | 2.0.2 |
| linux | linux_kernel | 2.6.11.3 |
| linux | linux_kernel | 2.0.34 |
| linux | linux_kernel | 2.0.15 |
| linux | linux_kernel | 2.0.31 |
| linux | linux_kernel | 2.5.1 |
| linux | linux_kernel | 2.0.1 |
| linux | linux_kernel | 2.5.27 |
| linux | linux_kernel | 2.5.20 |
| linux | linux_kernel | 2.4.31 |
| linux | linux_kernel | 2.4.24 |
| linux | linux_kernel | 2.6.5 |
| linux | linux_kernel | 2.2.2 |
| linux | linux_kernel | 2.5.55 |
| linux | linux_kernel | 2.0.6 |
| linux | linux_kernel | 2.2.4 |
| linux | linux_kernel | 2.1.89 |
| linux | linux_kernel | 2.2.20 |
| linux | linux_kernel | 2.0.9 |
| linux | linux_kernel | 2.2.27 |
| linux | linux_kernel | 2.4.0 |
| linux | linux_kernel | 2.4.9 |
| linux | linux_kernel | 2.5.49 |
| linux | linux_kernel | 2.5.14 |
| linux | linux_kernel | 2.6.2 |
| linux | linux_kernel | 2.6.11.6 |
| linux | linux_kernel | 2.4.27 |
| linux | linux_kernel | 2.6.4 |
| linux | linux_kernel | 2.4.8 |
In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 34 |
| fedoraproject | fedora | 36 |
| fedoraproject | fedora | 35 |
| netkit | netkit | * |
| debian | debian_linux | 9.0 |
An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H | 2.2 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netkit | netkit | * |
| debian | debian_linux | 9.0 |
netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netkit | netkit | 0.17-24 |