=========================================================== Ubuntu Security Notice USN-101-1 March 28, 2005 netkit-telnet vulnerabilities CAN-2004-0911, CAN-2005-0469 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: telnet telnetd The problem can be corrected by upgrading the affected package to version 0.17-24ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A buffer overflow was discovered in the telnet client's handling of the LINEMODE suboptions. By sending a specially constructed reply containing a large number of SLC (Set Local Character) commands, a remote attacker (i. e. a malicious telnet server) could execute arbitrary commands with the privileges of the user running the telnet client. (CAN-2005-0469) Michal Zalewski discovered a Denial of Service vulnerability in the telnet server (telnetd). A remote attacker could cause the telnetd process to free an invalid pointer, which caused the server process to crash, leading to a denial of service (inetd will disable the service if telnetd crashed repeatedly), or possibly the execution of arbitrary code with the privileges of the telnetd process (by default, the 'telnetd' user). Please note that the telnet server is not officially supported by Ubuntu, it is in the "universe" component. (CAN-2004-0911)