Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to execute arbitrary code via (1) a long DNS hostname that is determined using reverse DNS lookups, (2) a long AUTH string, or (3) certain data in the xtell request.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xtell | xtell | 1.91.1 |
| xtell | xtell | 2.6.1 |
Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to read files with short names, and local users to read more files using a symlink with a short name, via a .. in the TTY argument.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xtell | xtell | 1.91.1 |
| xtell | xtell | 2.6.1 |
xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local users to modify files via a symlink attack on the .xtell-log file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xtell | xtell | 1.91.1 |
| xtell | xtell | 2.6.1 |