PT-2020-3020 · Netkit · Netkit-Telnet

Published 2020-02-28 · Updated 2026-01-21 · CVE-2020-10188

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: netkit-telnet versions 0.17 and earlier

Description: The issue is a buffer overflow in the netclear and nextitem functions of the telnetd daemon, which remote attackers can exploit to execute arbitrary code via short writes or urgent data. The cause is a lack of size checking for input data.

Recommendations: For netkit-telnet versions 0.17 and earlier, consider disabling the telnetd service until a patch is available. As a temporary workaround, restrict access to the telnetd daemon to minimize the risk of exploitation. Avoid using the netclear() and nextitem() functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2020-03243
CESA-2020_1318
CESA-2020_1335
CESA-2020_1349
CVE-2020-10188
DLA-2176-1
DLA-2341-1
MGASA-2020-0169
MGASA-2020-0211
RHSA-2020:1318
RHSA-2020:1334
RHSA-2020:1335
RHSA-2020:1342
RHSA-2020:1349
RHSA-2020_1318
RHSA-2020_1334
RHSA-2020_1335
RHSA-2020_1349
RHSA-2022:0011
RHSA-2022:0158
SUSE-SU-2020:1533-1
SUSE-SU-2020_1533-1
USN-5048-1
USN-5048-2
USN-7781-1

Affected Products

CentOS
Cisco IOS XE
Junos
Linux Mint
Red Hat
SUSE
Ubuntu
Netkit-Telnet