ASA-2019-00467 – FreeBSD: telnet client multiple vulnerabilities

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00467

Identifier(s)

ASA-2019-00467, CVE-2019-0053, FreeBSD-SA-19:12.telnet

Title

telnet client multiple vulnerabilities

Vendor(s)

The FreeBSD Project

Product(s)

FreeBSD

Affected version(s)

All supported versions of FreeBSD

Fixed version(s)

2019-07-19 15:37:29 UTC (stable/12, 12.0-STABLE)
2019-07-24 12:51:52 UTC (releng/12.0, 12.0-RELEASE-p8)
2019-07-19 15:27:53 UTC (stable/11, 11.2-STABLE)
2019-07-24 12:51:52 UTC (releng/11.2, 11.2-RELEASE-p12)
2019-07-24 12:51:52 UTC (releng/11.3, 11.3-RELEASE-p1)

Proof of concept

Unknown

Description

Insufficient validation of environment variables in the telnet client supplied in FreeBSD can lead to stack-based buffer overflows. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers.

This issue only affects the telnet client. Inbound telnet sessions to telnetd(8) are not affected by this issue.

These buffer overflows may be triggered when connecting to a malicious server, or by an active attacker in the network path between the client and server. Specially crafted TELNET command sequences may cause the execution of arbitrary code with the privileges of the user invoking telnet(1).

Technical details

Unknown

Workaround

Do not use telnet(1) to connect to untrusted machines or over an untrusted network.

Credits

Juniper Networks

Reference(s)

FreeBSD-SA-19:12.telnet
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:12.telnet.asc

telnet.patch
https://security.FreeBSD.org/patches/SA-19:12/telnet.patch

telnet: fix a couple of snprintf() buffer overflows
https://svnweb.freebsd.org/base?view=revision&revision=r350139

Fix multiple telnet client vulnerabilities.
https://svnweb.freebsd.org/base?view=revision&revision=r350281

telnet: fix a couple of snprintf() buffer overflows
https://svnweb.freebsd.org/base?view=revision&revision=r350140

CVE-2019-0053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0053

CVE-2019-0053
https://nvd.nist.gov/vuln/detail/CVE-2019-0053

 

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: August 1, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.