| Summary: | netkit-telnetd is remotely exploitable (CVE-2020-10188) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | geiger.david68210, herman.viaene, sysadmin-bugs, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | https://bugs.mageia.org/show_bug.cgi?id=26451 | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | netkit-telnet-0.17-19.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2020-03-05 13:04:48 CET
David Walser
2020-03-05 13:04:56 CET
Whiteboard:
(none) =>
MGA7TOO > I don't see a purpose in retaining this insecure and unmaintained software
Pretty damning. If it it easy enough to drop from Cauldron, who decides & does that? And what do we do about M7 - how do we alert users (if any)?
And to whom can this be assigned?CC:
(none) =>
lewyssmith
David Walser
2020-03-19 14:48:29 CET
Status comment:
(none) =>
Package should be dropped
David Walser
2020-04-07 15:54:26 CEST
See Also:
(none) =>
https://bugs.mageia.org/show_bug.cgi?id=26451 There may be a fix for this (see Bug 26451). Summary:
netkit-telnetd is remotely exploitable =>
netkit-telnetd is remotely exploitable (CVE-2020-10188)
Lewis Smith
2020-04-07 20:50:18 CEST
CC:
lewyssmith =>
(none) Done for both Cauldron and mga7! CC:
(none) =>
geiger.david68210 Advisory: ======================== Updated netkit-telnetd packages fix security vulnerability: A vulnerability was found where incorrect bounds checks in the telnet server’s (telnetd) handling of short writes and urgent data, could lead to information disclosure and corruption of heap data. An unauthenticated remote attacker could exploit these bugs by sending specially crafted telnet packets to achieve arbitrary code execution in the telnet server (CVE-2020-10188). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10188 https://access.redhat.com/errata/RHSA-2020:1349 ======================== Updated packages in core/updates_testing: ======================== netkit-telnet-0.17-18.1.mga7 netkit-telnet-server-0.17-18.1.mga7 from netkit-telnet-0.17-18.1.mga7.src.rpm Whiteboard:
MGA7TOO =>
(none) MGA7-64 Plasma on Lenovo B50. When selecting the updates in MCC I get "The following package has to be removed for others to be upgraded: krb5-appl-clients-1.0.3-10.mga7.x86_64 (due to conflicts with netkit-telnet). Continuing after accepting this. CC:
(none) =>
herman.viaene Installation completes OK. Trying the telnet command: $ telnet <desktop> Trying 192.168.2.1... telnet: connect to address 192.168.2.1: Connection timed out Which is expected as this one has firewall active. Running httpd this laptop and then. $ telnet <laptop> 80 Trying 192.168.2.5... Connected to mach5. Escape character is '^]'. So that one works. But the server side has a telnetd command (unknown service after installation). Tried to run it as command, but got lost in its parrameters. Googled, but what I found is beyond me. Interesting, looks like netkit-telnet-server doesn't ship a way to run it. You can probably steal /etc/xinetd.d/krb5-telnet from krb5-appl-servers and use it to run /usr/sbin/telnetd from netkit-telnet-server through xinetd.
Thomas Backlund
2020-04-15 11:21:56 CEST
Keywords:
(none) =>
advisory @David Checked, there is no such thing as /etc/xinetd.d/krb5-telnet on my system, and xinetd is untrodden territory for me right now. I don(t fancy installing krb5-appl-servers just for the case here and nt really knwing what I am doing. Just push it then. Keywords:
(none) =>
validated_update
Herman Viaene
2020-05-11 08:47:54 CEST
Whiteboard:
(none) =>
MGA7-64-OK An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0211.html Status:
NEW =>
RESOLVED |