Multiple.Vendor.Telnet.Client.Env.Opt.Add.Buffer.Overflow
Description
This indicates a possible attempt to exploit a Heap Based Buffer overflow vulnerability in the Telnet clients of Multiple vendors.
The vulnerability is due to the failure to boundary check replies to the telnet server when handling a "NEW-ENVIRON" sub option. It may allow an attacker to execute arbitrary code on an affected system by sending response witha large number of characters that require escaping. The attacker would need to convince the victim to connect to a malicious Telnet server.
Affected Products
Multiple vendor Telnet clients such as FreeBSD and derivatives of FreeBSD.
Impact
System Compromise.
Recommended Actions
Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version if available.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |