PT-2001-1014 · Netkit+4 · Telnet+12
Published: 2001-04-17 · Updated: 2022-01-21 · CVE-2001-0554
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
krb5-workstation versions 1.1.1 through 1.2.2
krb5-devel versions 1.1.1 through 1.2.2
krb5-configs version 1.1.1
krb5-server versions 1.1.1 through 1.2.2
krb5-libs version 1.1.1
krb5 versions 1.1.1 through 1.2.2
telnet version 0.17
telnet-server versions 0.17 through 0.17.6x-18
netkit-telnetd version 0.17-r3 and earlier
ssltelnet (affected versions not specified)
Description
The issue is related to multiple vulnerabilities in various packages of Red Hat Linux, Gentoo Linux, and Debian GNU/Linux operating systems. These vulnerabilities can be exploited remotely, leading to a breach of confidentiality, integrity, and availability of protected information. A buffer overflow in the BSD-based telnetd telnet daemon allows remote attackers to execute arbitrary commands via a set of options, including AYT (Are You There), which is not properly handled by the telrcv function.
Recommendations
For krb5-workstation versions 1.1.1 through 1.2.2, update to a version later than 1.2.2.
For krb5-devel versions 1.1.1 through 1.2.2, update to a version later than 1.2.2.
For krb5-configs version 1.1.1, update to a version later than 1.1.1.
For krb5-server versions 1.1.1 through 1.2.2, update to a version later than 1.2.2.
For krb5-libs version 1.1.1, update to a version later than 1.1.1.
For krb5 versions 1.1.1 through 1.2.2, update to a version later than 1.2.2.
For telnet version 0.17, update to a version later than 0.17.
For telnet-server versions 0.17 through 0.17.6x-18, update to a version later than 0.17.6x-18.
For netkit-telnetd version 0.17-r3 and earlier, update to a version later than 0.17-r3.
For ssltelnet, no information is currently available about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Affected Products
Debian
Gentoo Linux
Red Hat
Krb5
Krb5-Configs
Krb5-Devel
Krb5-Libs
Krb5-Server
Krb5-Workstation
Netkit-Telnet
Ssltelnet
Telnet
Telnet-Server