---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: telnet security update
Advisory ID:       RHSA-2005:327-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-327.html
Issue date:        2005-03-28
Updated on:        2005-03-28
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0468 CAN-2005-0469
---------------------------------------------------------------------
1. Summary:
Updated telnet packages that fix two buffer overflow vulnerabilities are now available.
This update has been rated as having important security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
The telnet package provides a command line telnet client. The telnet-server package includes a telnet daemon, telnetd, that supports remote login to the host machine.
Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim's machine if the victim can be tricked into connecting to a malicious telnet server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468 and CAN-2005-0469 to these issues.
Additionally, the following bugs have been fixed in these erratum packages for Red Hat Enterprise Linux 2.1 and Red Hat Enterprise Linux 3:
- telnetd could loop on an error in the child side process
- There was a race condition in telnetd on a wtmp lock on some occasions
- The command line in the process table was sometimes too long and caused bad output from the ps command
- The 8-bit binary option was not working
Users of telnet should upgrade to this updated package, which contains backported patches to correct these issues.
Red Hat would like to thank iDEFENSE for their responsible disclosure of this issue.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
126858 - Too long /proc/X/cmdline: bad ps output when piped to less/more
145004 - telnetd cleanup() race condition with syslog in signal handler
145636 - [PATCH] telnetd loops on child IO error
147003 - [RHEL3] telnetd cleanup() race condition with syslog in signal handler
151297 - CAN-2005-0469 slc_add_reply() Buffer Overflow Vulnerability
151301 - CAN-2005-0468 env_opt_add() Buffer Overflow Vulnerability
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS: telnet-0.17-20.EL2.3.src.rpm
i386: telnet-0.17-20.EL2.3.i386.rpm telnet-server-0.17-20.EL2.3.i386.rpm
ia64: telnet-0.17-20.EL2.3.ia64.rpm telnet-server-0.17-20.EL2.3.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:
SRPMS: telnet-0.17-20.EL2.3.src.rpm
ia64: telnet-0.17-20.EL2.3.ia64.rpm telnet-server-0.17-20.EL2.3.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:
SRPMS: telnet-0.17-20.EL2.3.src.rpm
i386: telnet-0.17-20.EL2.3.i386.rpm telnet-server-0.17-20.EL2.3.i386.rpm

Red Hat Enterprise Linux WS version 2.1:
SRPMS: telnet-0.17-20.EL2.3.src.rpm
i386: telnet-0.17-20.EL2.3.i386.rpm telnet-server-0.17-20.EL2.3.i386.rpm

Red Hat Enterprise Linux AS version 3:
SRPMS: telnet-0.17-26.EL3.2.src.rpm
i386: telnet-0.17-26.EL3.2.i386.rpm telnet-server-0.17-26.EL3.2.i386.rpm
ia64: telnet-0.17-26.EL3.2.ia64.rpm telnet-server-0.17-26.EL3.2.ia64.rpm
ppc: telnet-0.17-26.EL3.2.ppc.rpm telnet-server-0.17-26.EL3.2.ppc.rpm
s390: telnet-0.17-26.EL3.2.s390.rpm telnet-server-0.17-26.EL3.2.s390.rpm
s390x: telnet-0.17-26.EL3.2.s390x.rpm telnet-server-0.17-26.EL3.2.s390x.rpm
x86_64: telnet-0.17-26.EL3.2.x86_64.rpm telnet-server-0.17-26.EL3.2.x86_64.rpm

Red Hat Desktop version 3:
SRPMS: telnet-0.17-26.EL3.2.src.rpm
i386: telnet-0.17-26.EL3.2.i386.rpm telnet-server-0.17-26.EL3.2.i386.rpm
x86_64: telnet-0.17-26.EL3.2.x86_64.rpm telnet-server-0.17-26.EL3.2.x86_64.rpm

Red Hat Enterprise Linux ES version 3:
SRPMS: telnet-0.17-26.EL3.2.src.rpm
i386: telnet-0.17-26.EL3.2.i386.rpm telnet-server-0.17-26.EL3.2.i386.rpm
ia64: telnet-0.17-26.EL3.2.ia64.rpm telnet-server-0.17-26.EL3.2.ia64.rpm
x86_64: telnet-0.17-26.EL3.2.x86_64.rpm telnet-server-0.17-26.EL3.2.x86_64.rpm

Red Hat Enterprise Linux WS version 3:
SRPMS: telnet-0.17-26.EL3.2.src.rpm
i386: telnet-0.17-26.EL3.2.i386.rpm telnet-server-0.17-26.EL3.2.i386.rpm
ia64: telnet-0.17-26.EL3.2.ia64.rpm telnet-server-0.17-26.EL3.2.ia64.rpm
x86_64: telnet-0.17-26.EL3.2.x86_64.rpm telnet-server-0.17-26.EL3.2.x86_64.rpm

Red Hat Enterprise Linux AS version 4:
SRPMS: telnet-0.17-31.EL4.2.src.rpm
i386: telnet-0.17-31.EL4.2.i386.rpm telnet-server-0.17-31.EL4.2.i386.rpm
ia64: telnet-0.17-31.EL4.2.ia64.rpm telnet-server-0.17-31.EL4.2.ia64.rpm
ppc: telnet-0.17-31.EL4.2.ppc.rpm telnet-server-0.17-31.EL4.2.ppc.rpm
s390: telnet-0.17-31.EL4.2.s390.rpm telnet-server-0.17-31.EL4.2.s390.rpm
s390x: telnet-0.17-31.EL4.2.s390x.rpm telnet-server-0.17-31.EL4.2.s390x.rpm
x86_64: telnet-0.17-31.EL4.2.x86_64.rpm telnet-server-0.17-31.EL4.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:
SRPMS: telnet-0.17-31.EL4.2.src.rpm
i386: telnet-0.17-31.EL4.2.i386.rpm telnet-server-0.17-31.EL4.2.i386.rpm
x86_64: telnet-0.17-31.EL4.2.x86_64.rpm telnet-server-0.17-31.EL4.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:
SRPMS: telnet-0.17-31.EL4.2.src.rpm
i386: telnet-0.17-31.EL4.2.i386.rpm telnet-server-0.17-31.EL4.2.i386.rpm
ia64: telnet-0.17-31.EL4.2.ia64.rpm telnet-server-0.17-31.EL4.2.ia64.rpm
x86_64: telnet-0.17-31.EL4.2.x86_64.rpm telnet-server-0.17-31.EL4.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:
SRPMS: telnet-0.17-31.EL4.2.src.rpm
i386: telnet-0.17-31.EL4.2.i386.rpm telnet-server-0.17-31.EL4.2.i386.rpm
ia64: telnet-0.17-31.EL4.2.ia64.rpm telnet-server-0.17-31.EL4.2.ia64.rpm
x86_64: telnet-0.17-31.EL4.2.x86_64.rpm telnet-server-0.17-31.EL4.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
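Added example (not part of the Red Hat advisory): a shell check that compares an installed telnet or telnet-server build against the fixed builds listed in this section. The function names are hypothetical, and `sort -V` is assumed to be available and is used as an approximation of RPM's version ordering.

```shell
#!/bin/sh
# Added example, not Red Hat code. Function names are hypothetical.

# Fixed version-release per product line, taken from section 6 of the advisory.
fixed_build() {
    case "$1" in
        2.1) echo "0.17-20.EL2.3" ;;
        3)   echo "0.17-26.EL3.2" ;;
        4)   echo "0.17-31.EL4.2" ;;
        *)   return 1 ;;
    esac
}

# telnet_status RELEASE VERSION-RELEASE
# Prints "fixed", "vulnerable" or "unknown-release".
telnet_status() {
    want=$(fixed_build "$1") || { echo "unknown-release"; return 0; }
    # Assumption: sort -V approximates RPM's ordering for these strings.
    lowest=$(printf '%s\n%s\n' "$want" "$2" | sort -V | head -n 1)
    if [ "$lowest" = "$want" ]; then
        echo "fixed"        # installed build is the fixed one or newer
    else
        echo "vulnerable"   # installed build sorts before the fixed one
    fi
}

# check_host RELEASE: report both packages from the local RPM database.
check_host() {
    for pkg in telnet telnet-server; do
        if have=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$pkg" 2>/dev/null); then
            echo "$pkg $have: $(telnet_status "$1" "$have")"
        else
            echo "$pkg: not installed"
        fi
    done
}

# Run against this host only when a release is given, e.g.: sh check.sh 3
if [ $# -gt 0 ]; then
    check_host "$1"
fi
```

A host reported as "vulnerable" still needs the update from section 4; the check only reads the RPM database and changes nothing.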
7. References:
http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0469
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.