Multiple.Vendor.Telnet.Client.Env.Opt.Add.Buffer.Overflow

description-logoDescription

This indicates a possible attempt to exploit a Heap Based Buffer overflow vulnerability in the Telnet clients of Multiple vendors.
The vulnerability is due to the failure to boundary check replies to the telnet server when handling a "NEW-ENVIRON" sub option. It may allow an attacker to execute arbitrary code on an affected system by sending response witha large number of characters that require escaping. The attacker would need to convince the victim to connect to a malicious Telnet server.

affected-products-logoAffected Products

Multiple vendor Telnet clients such as FreeBSD and derivatives of FreeBSD.

Impact logoImpact

System Compromise.

recomended-action-logoRecommended Actions

Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version if available.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)