20726 : NetBSD telnetd Static Local Variable Overflow
Printer | http://osvdb.org/20726 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

10 months ago

Percent Complete

90%

Disclosure

Oct 31, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

NetBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when telnetd utilizes static variables, allowing a malicious user to cause a buffer overflow and change the flow of execution. This flaw may lead to a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unavailable
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.0.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

NetBSD Foundation, Inc.	NetBSD	0.x
		2.0
		2.0.1
		2.0.2
		1.x

References

Security Tracker: 1015132
Related OSVDB ID: 20725 20727 20728 20729 20730 20731
Vendor Specific Advisory URL: http://mail-index.netbsd.org/netbsd-announce/2005/10/31/0000.html
Vendor URL: http://www.netbsd.org/
Other Advisory URL: http://www.uniras.gov.uk/niscc/docs/br-20051101-00969.html?lang=en

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

NetBSD Foundation, Inc.

NetBSD

References

Credit

Blogs

Comments