Product : Fedora Core 3
Name : telnet
Version : 0.17
Release : 32.FC3.2
Summary : The client program for the telnet remote login protocol.
Telnet is a popular protocol for logging into remote systems over the
Internet. The telnet package provides a command line telnet client.
Two buffer overflow flaws were discovered in the way the telnet client
handles messages from a server. An attacker may be able to execute
arbitrary code on a victim’s machine if the victim can be tricked into
connecting to a malicious telnet server. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468
and CAN-2005-0469 to these issues.
Red Hat would like to thank iDEFENSE for their responsible disclosure of
* Thu Mar 17 2005 Harald Hoyer - 1:0.17-32.FC3.2
- fixed CAN-2005-468 and CAN-2005-469
* Thu Jan 13 2005 Jason Vas Dias - 1:0.17-31
- bug 143929 / 145004 : fix race condition in telnetd on wtmp lock
- when cleanup() is entered from main process and in signal