Skip to navigation

Security Advisory telnet security update

Advisory: RHSA-2005:327-10
Type: Security Advisory
Severity: Important
Issued on: 2005-03-28
Last updated on: 2005-03-28
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2005-0468
CVE-2005-0469

Details

Updated telnet packages that fix two buffer overflow vulnerabilities are
now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The telnet package provides a command line telnet client. The telnet-server
package includes a telnet daemon, telnetd, that supports remote login to
the host machine.

Two buffer overflow flaws were discovered in the way the telnet client
handles messages from a server. An attacker may be able to execute
arbitrary code on a victim's machine if the victim can be tricked into
connecting to a malicious telnet server. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468
and CAN-2005-0469 to these issues.

Additionally, the following bugs have been fixed in these erratum packages
for Red Hat Enterprise Linux 2.1 and Red Hat Enterprise Linux 3:

- telnetd could loop on an error in the child side process

- There was a race condition in telnetd on a wtmp lock on some occasions

- The command line in the process table was sometimes too long and caused
bad output from the ps command

- The 8-bit binary option was not working

Users of telnet should upgrade to this updated package, which contains
backported patches to correct these issues.

Red Hat would like to thank iDEFENSE for their responsible disclosure of
this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)
IA-32:
telnet-0.17-26.EL3.2.i386.rpm
File outdated by:  RHSA-2005:504		     MD5: a1edb03210ac63b30f6332a2e4227dc9
telnet-server-0.17-26.EL3.2.i386.rpm
File outdated by:  RHSA-2005:504		     MD5: 6eea6c08ea68f1ea8a177c63016e9935
 
x86_64:
telnet-0.17-26.EL3.2.x86_64.rpm
File outdated by:  RHSA-2005:504		     MD5: 7d226b52aae9119e23645d3243bd821c
telnet-server-0.17-26.EL3.2.x86_64.rpm
File outdated by:  RHSA-2005:504		     MD5: d48f86ee42581c351d565aa78d373204
 
Red Hat Desktop (v. 4)
IA-32:
telnet-0.17-31.EL4.2.i386.rpm
File outdated by:  RHBA-2007:0798		     MD5: c03d8fbd5c1a1dfd334263e034626bef
telnet-server-0.17-31.EL4.2.i386.rpm
File outdated by:  RHBA-2007:0798		     MD5: 095477b3fd6797a4dcb71eaa6fe40fb9
 
x86_64:
telnet-0.17-31.EL4.2.x86_64.rpm
File outdated by:  RHBA-2007:0798		     MD5: ba9038dbfdedbf0d064c6b2be18f10e4
telnet-server-0.17-31.EL4.2.x86_64.rpm
File outdated by:  RHBA-2007:0798		     MD5: 42fc60c48cacc2d40798fc33681bfcd2
 
Red Hat Enterprise Linux AS (v. 2.1)
IA-32:
telnet-0.17-20.EL2.3.i386.rpm
File outdated by:  RHSA-2005:504		     MD5: 9844ce440580371e21adb6e240f7ef32
telnet-server-0.17-20.EL2.3.i386.rpm
File outdated by:  RHSA-2005:504		     MD5: 6a8a735c26c81c10fd03d25ed001c89c
 
IA-64:
telnet-0.17-20.EL2.3.ia64.rpm
File outdated by:  RHSA-2005:504		     MD5: 17e5e124770f7772cf0d4c4e24650b87
telnet-server-0.17-20.EL2.3.ia64.rpm
File outdated by:  RHSA-2005:504		     MD5: 94149177b916123e92c80bf5412112fc
 
Red Hat Enterprise Linux AS (v. 3)
IA-32:
telnet-0.17-26.EL3.2.i386.rpm
File outdated by:  RHSA-2005:504		     MD5: a1edb03210ac63b30f6332a2e4227dc9
telnet-server-0.17-26.EL3.2.i386.rpm
File outdated by:  RHSA-2005:504		     MD5: 6eea6c08ea68f1ea8a177c63016e9935
 
IA-64:
telnet-0.17-26.EL3.2.ia64.rpm
File outdated by:  RHSA-2005:504		     MD5: 540dfa1463fb15b035371cb8815c8003
telnet-server-0.17-26.EL3.2.ia64.rpm
File outdated by:  RHSA-2005:504		     MD5: cf5ea891b305e4e150b31f012e5bd0b7
 
PPC:
telnet-0.17-26.EL3.2.ppc.rpm
File outdated by:  RHSA-2005:504		     MD5: 004cd42520a5052fbbf6f150ebec5308
telnet-server-0.17-26.EL3.2.ppc.rpm
File outdated by:  RHSA-2005:504		     MD5: 5246c393f0b38a64a47efc8b091d3cc3
 
s390:
telnet-0.17-26.EL3.2.s390.rpm
File outdated by:  RHSA-2005:504		     MD5: feb70dd0f45a9e08d5d49fcb773924f2
telnet-server-0.17-26.EL3.2.s390.rpm
File outdated by:  RHSA-2005:504		     MD5: 9290204b8e84f96b024ffe98da834174
 
s390x:
telnet-0.17-26.EL3.2.s390x.rpm
File outdated by:  RHSA-2005:504		     MD5: 8d7419651888f9943e82918b73c84b09
telnet-server-0.17-26.EL3.2.s390x.rpm
File outdated by:  RHSA-2005:504		     MD5: 6dc6d17c2086c6756a74e9e48552b634
 
x86_64:
telnet-0.17-26.EL3.2.x86_64.rpm
File outdated by:  RHSA-2005:504		     MD5: 7d226b52aae9119e23645d3243bd821c
telnet-server-0.17-26.EL3.2.x86_64.rpm
File outdated by:  RHSA-2005:504		     MD5: d48f86ee42581c351d565aa78d373204
 
Red Hat Enterprise Linux AS (v. 4)
IA-32:
telnet-0.17-31.EL4.2.i386.rpm
File outdated by:  RHBA-2007:0798		     MD5: c03d8fbd5c1a1dfd334263e034626bef
telnet-server-0.17-31.EL4.2.i386.rpm
File outdated by:  RHBA-2007:0798		     MD5: 095477b3fd6797a4dcb71eaa6fe40fb9
 
IA-64:
telnet-0.17-31.EL4.2.ia64.rpm
File outdated by:  RHBA-2007:0798		     MD5: c1eaa58f26e47c3c8370ff2189b78b81
telnet-server-0.17-31.EL4.2.ia64.rpm
File outdated by:  RHBA-2007:0798		     MD5: 3e47cc360ea07b28c16da6fdfb88c39e
 
PPC:
telnet-0.17-31.EL4.2.ppc.rpm
File outdated by:  RHBA-2007:0798		     MD5: 22fc96070dc40b3686d23b62f213069c
telnet-server-0.17-31.EL4.2.ppc.rpm
File outdated by:  RHBA-2007:0798		     MD5: 53e773d2752608b0414a8fd0e449c694
 
s390:
telnet-0.17-31.EL4.2.s390.rpm
File outdated by:  RHBA-2007:0798		     MD5: 8336b046ae91cc296a949ce840858489
telnet-server-0.17-31.EL4.2.s390.rpm
File outdated by:  RHBA-2007:0798		     MD5: 62fa5b57339984f7903c8c6828cf3907
 
s390x:
telnet-0.17-31.EL4.2.s390x.rpm
File outdated by:  RHBA-2007:0798		     MD5: a9687c4c60aa7ce447b322ad15e491e1
telnet-server-0.17-31.EL4.2.s390x.rpm
File outdated by:  RHBA-2007:0798		     MD5: 624150f3b2bb179af14f89333549baf8
 
x86_64:
telnet-0.17-31.EL4.2.x86_64.rpm
File outdated by:  RHBA-2007:0798		     MD5: ba9038dbfdedbf0d064c6b2be18f10e4
telnet-server-0.17-31.EL4.2.x86_64.rpm
File outdated by:  RHBA-2007:0798		     MD5: 42fc60c48cacc2d40798fc33681bfcd2
 
Red Hat Enterprise Linux ES (v. 2.1)
IA-32:
telnet-0.17-20.EL2.3.i386.rpm
File outdated by:  RHSA-2005:504		     MD5: 9844ce440580371e21adb6e240f7ef32
telnet-server-0.17-20.EL2.3.i386.rpm
File outdated by:  RHSA-2005:504		     MD5: 6a8a735c26c81c10fd03d25ed001c89c
 
Red Hat Enterprise Linux ES (v. 3)
IA-32:
telnet-0.17-26.EL3.2.i386.rpm
File outdated by:  RHSA-2005:504		     MD5: a1edb03210ac63b30f6332a2e4227dc9
telnet-server-0.17-26.EL3.2.i386.rpm
File outdated by:  RHSA-2005:504		     MD5: 6eea6c08ea68f1ea8a177c63016e9935
 
IA-64:
telnet-0.17-26.EL3.2.ia64.rpm
File outdated by:  RHSA-2005:504		     MD5: 540dfa1463fb15b035371cb8815c8003
telnet-server-0.17-26.EL3.2.ia64.rpm
File outdated by:  RHSA-2005:504		     MD5: cf5ea891b305e4e150b31f012e5bd0b7
 
x86_64:
telnet-0.17-26.EL3.2.x86_64.rpm
File outdated by:  RHSA-2005:504		     MD5: 7d226b52aae9119e23645d3243bd821c
telnet-server-0.17-26.EL3.2.x86_64.rpm
File outdated by:  RHSA-2005:504		     MD5: d48f86ee42581c351d565aa78d373204
 
Red Hat Enterprise Linux ES (v. 4)
IA-32:
telnet-0.17-31.EL4.2.i386.rpm
File outdated by:  RHBA-2007:0798		     MD5: c03d8fbd5c1a1dfd334263e034626bef
telnet-server-0.17-31.EL4.2.i386.rpm
File outdated by:  RHBA-2007:0798		     MD5: 095477b3fd6797a4dcb71eaa6fe40fb9
 
IA-64:
telnet-0.17-31.EL4.2.ia64.rpm
File outdated by:  RHBA-2007:0798		     MD5: c1eaa58f26e47c3c8370ff2189b78b81
telnet-server-0.17-31.EL4.2.ia64.rpm
File outdated by:  RHBA-2007:0798		     MD5: 3e47cc360ea07b28c16da6fdfb88c39e
 
x86_64:
telnet-0.17-31.EL4.2.x86_64.rpm
File outdated by:  RHBA-2007:0798		     MD5: ba9038dbfdedbf0d064c6b2be18f10e4
telnet-server-0.17-31.EL4.2.x86_64.rpm
File outdated by:  RHBA-2007:0798		     MD5: 42fc60c48cacc2d40798fc33681bfcd2
 
Red Hat Enterprise Linux WS (v. 2.1)
IA-32:
telnet-0.17-20.EL2.3.i386.rpm
File outdated by:  RHSA-2005:504		     MD5: 9844ce440580371e21adb6e240f7ef32
telnet-server-0.17-20.EL2.3.i386.rpm
File outdated by:  RHSA-2005:504		     MD5: 6a8a735c26c81c10fd03d25ed001c89c
 
Red Hat Enterprise Linux WS (v. 3)
IA-32:
telnet-0.17-26.EL3.2.i386.rpm
File outdated by:  RHSA-2005:504		     MD5: a1edb03210ac63b30f6332a2e4227dc9
telnet-server-0.17-26.EL3.2.i386.rpm
File outdated by:  RHSA-2005:504		     MD5: 6eea6c08ea68f1ea8a177c63016e9935
 
IA-64:
telnet-0.17-26.EL3.2.ia64.rpm
File outdated by:  RHSA-2005:504		     MD5: 540dfa1463fb15b035371cb8815c8003
telnet-server-0.17-26.EL3.2.ia64.rpm
File outdated by:  RHSA-2005:504		     MD5: cf5ea891b305e4e150b31f012e5bd0b7
 
x86_64:
telnet-0.17-26.EL3.2.x86_64.rpm
File outdated by:  RHSA-2005:504		     MD5: 7d226b52aae9119e23645d3243bd821c
telnet-server-0.17-26.EL3.2.x86_64.rpm
File outdated by:  RHSA-2005:504		     MD5: d48f86ee42581c351d565aa78d373204
 
Red Hat Enterprise Linux WS (v. 4)
IA-32:
telnet-0.17-31.EL4.2.i386.rpm
File outdated by:  RHBA-2007:0798		     MD5: c03d8fbd5c1a1dfd334263e034626bef
telnet-server-0.17-31.EL4.2.i386.rpm
File outdated by:  RHBA-2007:0798		     MD5: 095477b3fd6797a4dcb71eaa6fe40fb9
 
IA-64:
telnet-0.17-31.EL4.2.ia64.rpm
File outdated by:  RHBA-2007:0798		     MD5: c1eaa58f26e47c3c8370ff2189b78b81
telnet-server-0.17-31.EL4.2.ia64.rpm
File outdated by:  RHBA-2007:0798		     MD5: 3e47cc360ea07b28c16da6fdfb88c39e
 
x86_64:
telnet-0.17-31.EL4.2.x86_64.rpm
File outdated by:  RHBA-2007:0798		     MD5: ba9038dbfdedbf0d064c6b2be18f10e4
telnet-server-0.17-31.EL4.2.x86_64.rpm
File outdated by:  RHBA-2007:0798		     MD5: 42fc60c48cacc2d40798fc33681bfcd2
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
IA-64:
telnet-0.17-20.EL2.3.ia64.rpm
File outdated by:  RHSA-2005:504		     MD5: 17e5e124770f7772cf0d4c4e24650b87
telnet-server-0.17-20.EL2.3.ia64.rpm
File outdated by:  RHSA-2005:504		     MD5: 94149177b916123e92c80bf5412112fc
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

126858 - Too long /proc/X/cmdline: bad ps output when piped to less/more
145004 - telnetd cleanup() race condition with syslog in signal handler
145636 - [PATCH] telnetd loops on child IO error
147003 - [RHEL3] telnetd cleanup() race condition with syslog in signal handler
151297 - CAN-2005-0469 slc_add_reply() Buffer Overflow Vulnerability
151301 - CAN-2005-0468 env_opt_add() Buffer Overflow Vulnerability


References

https://www.redhat.com/security/data/cve/CVE-2005-0468.html
https://www.redhat.com/security/data/cve/CVE-2005-0469.html
http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/