From; Panda Oxygen3: "Art is one of the means of communication between man and man." Leon Tolstoy (1828-1910), Russian writer. - Buffer overflow in telnet clients - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com) Madrid, March 30, 2005 - According to the bulletins published by iDEFENSE, two buffer overflow vulnerabilities have been detected in various implementations of the telnet client, including Sun Solaris and MIT Kerberos implementations, which could be exploited to compromise systems. The functions affected by these buffer overflow vulnerabilities are slc_add_reply() and env_opt_add(). Remote exploitation of these buffer overflows could allow the execution of arbitrary code with the same privileges as the user that started the telnet client. These attacks can be mitigated, as for the attacks to be successful, the victim user must connect to the attacking server and due to the characteristics of the telnet service, users normally connect to trusted servers. However, it may be possible to cause the telnet client to automatically connect to a certain server by simply viewing a web page that includes a connection link, increasing the risk of falling victim to this type of attack. The attacker could send the malicious web page via email or trick the user into viewing it. More details about these vulnerabilities, the telnet clients affected and the vendor's response to correct or prevent these attacks are available at: http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities ------------------------------------------------------------ The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner: 1) Mhtredir.gen; 2)Netsky.P; 3)Downloader.GK; 4)Shinwow.E; 5)Sdbot.ftp. ------------------------------------------------------------ To contact with Panda Software, please visit: http://www.pandasoftware.com/about/contact/ ------------------------------------------------------------ *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member