MIT Kerberos: Advisory on Telnet Remote Code Execution Risks

Attackers could exploit two "serious" security holes in the Telnet program supplied with MIT Kerberos 5 to cause a buffer overflow and launch malicious code, the Massachusetts Institute of Technology's (MIT) Kerberos Team warned in an advisory.

The Telnet protocol allows virtual network terminals to be connected over the Internet and is incorporated into a variety of popular operating systems, from Sun Solaris and Red Hat Enterprise Linux to Apple's Mac OS X.

According to the Kerberos Team, "An attacker controlling or impersonating a Telnet server may execute arbitrary code with the privileges of the user running the Telnet client." The advisory lists fixes that are available.

The link for this article located at SearchSecurity.com is no longer available.