TELNET Options Overflow (Response)
This signature detects attempts to exploit a known vulnerability against the BSD-based TELNET daemon. The option processing function (telrcv) in the daemon produces responses with a fixed size buffer, but does not perform bounds checking. Attackers can send a combination of TELNET protocol options to the daemon to overflow the buffer and execute arbitrary commands.
Extended Description
A boundary condition error exists in telnet daemons derived from the BSD telnet daemon. Under certain circumstances, the buffer overflow can occur when a combination of telnet protocol options are received by the daemon. The function responsible for processing the options prepares a response within a fixed sized buffer, without performing any bounds checking. This vulnerability is now being actively exploited. A worm is known to be circulating around the Internet.
Affected Products
Cisco catalyst_5000,Openbsd openbsd
Short Name
TELNET:OVERFLOW:OPTIONS-REPLY
Severity
Major
Recommended
False
Recommended Action
Drop
Category
TELNET
Keywords
(Response) CA-2001-21 CVE-2001-0554 Options Overflow TELNET bid:3064
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Sco
Cisco
Ibm
Netkit
Hp
Debian
Sgi
Freebsd
Sun
Bsd
Openbsd
Netbsd
Mit
CVSS Score
10.0