telnet-0.17-65.el7

エラータID: AXSA:2020-4688:01

Release date: 
Monday, April 6, 2020 - 16:44
Subject: 
telnet-0.17-65.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default.

Security Fix(es):

* telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code (CVE-2020-10188)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-10188
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

Solution: 

Update packages.

CVEs: 
CVE-2020-10188
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
Additional Info: 

N/A

Download: 

SRPMS
  1. telnet-0.17-65.el7.src.rpm
    MD5: 73f718378b320bf77e1840751c75ff04
    SHA-256: 6af83f1b867810cc95cf02b4241e383582b97c19c0a5b07de58252118c6b7c22
    Size: 285.41 kB

Asianux Server 7 for x86_64
  1. telnet-0.17-65.el7.x86_64.rpm
    MD5: a3f84c5e6f18b48b52a7c41d72f08e82
    SHA-256: bacc03de3abbf0a5abc75e22d800a72b2f9b42e9d1edea64fcb1ac2ed3a44335
    Size: 63.37 kB
  2. telnet-server-0.17-65.el7.x86_64.rpm
    MD5: 3f15b12ceb45b8fa91a536fd7d73b290
    SHA-256: 16d557c2ec7ba3481adea5da29ac5308dfd56e6b2032bc36a7b2b78e428e35a2
    Size: 40.10 kB