National Vulnerability Database (NVD) National Vulnerability Database (CVE-2001-0554)

National Cyber-Alert System

Vulnerability Summary for CVE-2001-0554

Original release date:08/14/2001

Last revised:09/05/2008

Source: US-CERT/NIST

Overview

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

CERT/CC Advisory: CA-2001-21

Name: CA-2001-21

Type: Advisory; Patch Information

Hyperlink:http://www.cert.org/advisories/CA-2001-21.html

External Source: BID

Name: 3064

Type: Advisory; Patch Information

Hyperlink:http://www.securityfocus.com/bid/3064

External Source: FREEBSD

Name: FreeBSD-SA-01:49

Type: Advisory; Patch Information

Hyperlink:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc

External Source: XF

Name: telnetd-option-telrcv-bo(6875)

Hyperlink:http://xforce.iss.net/static/6875.php

External Source: BUGTRAQ

Name: 20010718 multiple vendor telnet daemon vulnerability

Type: Advisory

Hyperlink:http://www.securityfocus.com/archive/1/197804

External Source: REDHAT

Name: RHSA-2001:100

Hyperlink:http://www.redhat.com/support/errata/RHSA-2001-100.html

External Source: REDHAT

Name: RHSA-2001:099

Hyperlink:http://www.redhat.com/support/errata/RHSA-2001-099.html

External Source: OSVDB

Name: 809

Hyperlink:http://www.osvdb.org/809

External Source: SUSE

Name: SuSE-SA:2001:029

Hyperlink:http://www.novell.com/linux/security/advisories/2001_029_nkitb_txt.html

External Source: MANDRAKE

Name: MDKSA-2001:068

Hyperlink:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-068.php3

External Source: DEBIAN

Name: DSA-075

Hyperlink:http://www.debian.org/security/2001/dsa-075

External Source: DEBIAN

Name: DSA-070

Hyperlink:http://www.debian.org/security/2001/dsa-070

External Source: CISCO

Name: 20020129 Cisco CatOS Telnet Buffer Vulnerability

Hyperlink:http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml

External Source: CIAC

Name: L-131

Hyperlink:http://www.ciac.org/ciac/bulletins/l-131.shtml

External Source: CALDERA

Name: CSSA-2001-030.0

Hyperlink:http://www.calderasystems.com/support/security/advisories/CSSA-2001-030.0.txt

External Source: BUGTRAQ

Name: 20010810 ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow

Hyperlink:http://online.securityfocus.com/archive/1/203000

External Source: BUGTRAQ

Name: 20010725 SCO - Telnetd AYT overflow ?

Hyperlink:http://online.securityfocus.com/archive/1/199541

External Source: BUGTRAQ

Name: 20010725 Telnetd AYT overflow scanner

Hyperlink:http://online.securityfocus.com/archive/1/199496

External Source: IBM

Name: MSS-OAR-E01-2001:298

Hyperlink:http://online.securityfocus.com/advisories/3476

External Source: COMPAQ

Name: SSRT0745U

Hyperlink:http://ftp.support.compaq.com/patches/.new/html/SSRT0745U.shtml

External Source: CONECTIVA

Name: CLA-2001:413

Hyperlink:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000413

External Source: HP

Name: HPSBUX0110-172

Hyperlink:http://archives.neohapsis.com/archives/hp/2001-q4/0014.html

External Source: CALDERA

Name: CSSA-2001-SCO.10

Hyperlink:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt

External Source: SGI

Name: 20010801-01-P

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P

External Source: NETBSD

Name: NetBSD-SA2001-012

Hyperlink:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc

Vulnerable software and versions

Configuration 1

* cpe:/a:mit:kerberos:1.0

* cpe:/a:mit:kerberos:5-1.2

* cpe:/a:mit:kerberos:5-1.2.1

* cpe:/a:mit:kerberos:5-1.2.2

* cpe:/a:mit:kerberos:5_1.1

* cpe:/a:mit:kerberos:5_1.1.1

* cpe:/a:netkit:linux_netkit:0.10

* cpe:/a:netkit:linux_netkit:0.11

* cpe:/a:netkit:linux_netkit:0.12

* cpe:/o:sgi:irix:6.5

Configuration 2

cpe:/o:freebsd:freebsd:2.0

cpe:/o:freebsd:freebsd:2.0.1

cpe:/o:freebsd:freebsd:2.0.5

cpe:/o:freebsd:freebsd:2.1.0

cpe:/o:freebsd:freebsd:2.1.5

cpe:/o:freebsd:freebsd:2.1.6

cpe:/o:freebsd:freebsd:2.1.6.1

cpe:/o:freebsd:freebsd:2.1.7

cpe:/o:freebsd:freebsd:2.1.7.1

cpe:/o:freebsd:freebsd:2.1:stable

cpe:/o:freebsd:freebsd:2.2

cpe:/o:freebsd:freebsd:2.2.1

cpe:/o:freebsd:freebsd:2.2.2

cpe:/o:freebsd:freebsd:2.2.3

cpe:/o:freebsd:freebsd:2.2.4

cpe:/o:freebsd:freebsd:2.2.5

cpe:/o:freebsd:freebsd:2.2.6

cpe:/o:freebsd:freebsd:2.2.7

cpe:/o:freebsd:freebsd:2.2.8

cpe:/o:freebsd:freebsd:2.2:current

cpe:/o:freebsd:freebsd:3.0

cpe:/o:freebsd:freebsd:3.0:releng

cpe:/o:freebsd:freebsd:3.1

cpe:/o:freebsd:freebsd:3.2

cpe:/o:freebsd:freebsd:3.3

cpe:/o:freebsd:freebsd:3.4

cpe:/o:freebsd:freebsd:3.5

cpe:/o:freebsd:freebsd:3.5.1:release

cpe:/o:freebsd:freebsd:3.5.1:stable

cpe:/o:freebsd:freebsd:3.5:stable

cpe:/o:freebsd:freebsd:4.0

cpe:/o:freebsd:freebsd:4.0:alpha

cpe:/o:freebsd:freebsd:4.0:releng

cpe:/o:freebsd:freebsd:4.1

* cpe:/o:freebsd:freebsd:3.5.1

* cpe:/o:freebsd:freebsd:4.1.1

* cpe:/o:freebsd:freebsd:4.2

* cpe:/o:freebsd:freebsd:4.3

* cpe:/o:ibm:aix:4.3

* cpe:/o:ibm:aix:4.3.1

* cpe:/o:ibm:aix:4.3.2

* cpe:/o:ibm:aix:4.3.3

* cpe:/o:ibm:aix:5.1

* cpe:/o:netbsd:netbsd:1.0

* cpe:/o:netbsd:netbsd:1.1

* cpe:/o:netbsd:netbsd:1.2

* cpe:/o:netbsd:netbsd:1.2.1

* cpe:/o:netbsd:netbsd:1.3

* cpe:/o:netbsd:netbsd:1.3.1

* cpe:/o:netbsd:netbsd:1.3.2

* cpe:/o:netbsd:netbsd:1.3.3

* cpe:/o:netbsd:netbsd:1.4

* cpe:/o:netbsd:netbsd:1.4.1

* cpe:/o:netbsd:netbsd:1.4.2

* cpe:/o:netbsd:netbsd:1.4.3

* cpe:/o:netbsd:netbsd:1.5

* cpe:/o:netbsd:netbsd:1.5.1

* cpe:/o:openbsd:openbsd:2.0

* cpe:/o:openbsd:openbsd:2.1

* cpe:/o:openbsd:openbsd:2.2

* cpe:/o:openbsd:openbsd:2.3

* cpe:/o:openbsd:openbsd:2.4

* cpe:/o:openbsd:openbsd:2.5

* cpe:/o:openbsd:openbsd:2.6

* cpe:/o:openbsd:openbsd:2.7

* cpe:/o:openbsd:openbsd:2.8

* cpe:/o:sun:solaris:2.0

* cpe:/o:sun:solaris:2.1

* cpe:/o:sun:solaris:2.2

* cpe:/o:sun:solaris:2.3

* cpe:/o:sun:solaris:2.4

* cpe:/o:sun:solaris:2.5

* cpe:/o:sun:solaris:2.5.1

* cpe:/o:sun:solaris:2.6

* cpe:/o:sun:solaris:7.0

* cpe:/o:sun:solaris:8.0

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0554