Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Arch Linux: ASA-202106-20 High Severity: Inetutils Arbitrary Execution

Archlinux Large Esm H446
The package inetutils before version 2.0-1 is vulnerable to arbitrary code execution.
Arch Linux Security Advisory ASA-202106-20
=========================================
Severity: High
Date    : 2021-06-09
CVE-ID  : CVE-2019-0053 CVE-2020-10188
Package : inetutils
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1003

Summary
======
The package inetutils before version 2.0-1 is vulnerable to arbitrary
code execution.

Resolution
=========
Upgrade to 2.0-1.

# pacman -Syu "inetutils>=2.0-1"

The problems have been fixed upstream in version 2.0.

Workaround
=========
None.

Description
==========
- CVE-2019-0053 (arbitrary code execution)

inetutils before version 1.9.4.90 contains a stack overflow
vulnerability in the client-side environment variable handling which
can be exploited to escape restricted shells on embedded devices. A
stack-based overflow is present in the handling of environment
variables when connecting  telnet.c to remote telnet servers through
oversized DISPLAY arguments.

- CVE-2020-10188 (arbitrary code execution)

A vulnerability was found in inetutils before version 1.9.4.91 where
incorrect bounds checks in the telnet server’s (telnetd) handling of
short writes and urgent data could lead to information disclosure and
corruption of heap data. An unauthenticated remote attacker could
exploit these bugs by sending specially crafted telnet packets to
achieve arbitrary code execution in the telnet server.

Impact
=====
Requesting environment variables with crafted contents could lead to
arbitrary code execution in a telnet client. Additionally an
unauthenticated remote attacker could execute arbitrary code on a
telnet server via crafted packets.

References
=========
https://bugs.archlinux.org/task/70040
https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/inetutils-telnet.txt


https://bugzilla.redhat.com/show_bug.cgi?id=1811673

https://security.archlinux.org/CVE-2019-0053
https://security.archlinux.org/CVE-2020-10188