netkit telnetd nextitem vulnerability

Added: 03/24/2020

Background

netkit telnetd is a server implementation of the Telnet protocol which comes with many Linux and Unix operating systems.

Problem

An unbounded read and write condition in the nextitem function allows remote attackers to execute arbitrary commands on the server.

Resolution

Apply a fix from the operating system vendor when available or disable the Telnet service.

References

https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html

Limitations

Exploit works on Fedora 31 netkit-telnet-0.17 with SELinux disabled.

Platforms

Linux

Back to exploit index