telnetd security vulnerability CVE-2020-10188
From: Guillem Jover
Subject: telnetd security vulnerability CVE-2020-10188
Date: Wed, 8 Apr 2020 13:41:58 +0200
Hi!

I've been notified of a security vulnerability in inetutils telnetd,
which was reported initially against netkit-telnet, but that one has
been fixed in Debian for a very long time (around two decades ago [N]).
But the code inherited from the BSDs seems to still be around in
inetutils. I've not yet read the disclosure in detail (it's rather
long), and only checked the code superficially. But run the PoC
exploit on a VM, and while I think the memory layout is different
which makes it trigger the assert, it looks like inetutils telnetd
implementation is still vulnerable?

[N] https://bugs.debian.org/953478

I don't think I'll have time to dig into this quickly so I'd
appreciate if someone else could have a peek?

The relevant information is:

Debian inetutils report <https://bugs.debian.org/956084>
<https://security-tracker.debian.org/tracker/CVE-2020-10188>
<https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html>

PoC exploit:
<https://raw.githubusercontent.com/immunityinc/bravestarr/master/bravestarr.py>

Thanks,
Guillem