ASSESSMENT 01-019
"Buffer Overflow Vulnerability in Telnet Daemon"
August 30, 2001
Synopsis: Recently, the cyber security community has received numerous reports
of intruders exploiting a buffer overflow vulnerability in the telnet daemon (telnetd).
The CERT Coordination Center described this vulnerability and the available remedies
in a July advisory (http://www.cert.org/advisories/CA-2001-21.html). Because of the
increase in these reports, and because a new worm has begun targeting this
vulnerability, NIPC urges users to contact their vendors to obtain the appropriate
fix. Because telnetd ordinarily runs with root privileges, a successful intruder
can copy, delete, or execute any program on the victim's system.
A new worm called "x.c," designed to exploit this vulnerability, has been discovered.
Although that specific worm has been disabled, other malicious code variants
could take advantage of the same vulnerability. Vendor patches are available
and NIPC urges consumers to contact their vendor to obtain the appropriate
fix for their operating system.
This vulnerability primarily affects BSD-derived telnet daemons (found in FreeBSD,
Solaris, AIX, and several versions of Linux, among others), but some reports suggest
that other vendors' telnet daemons may also be attacked using the same method.
A list of vulnerable systems, along with links to vendor patches, can be obtained
at http://www.securityfocus.com/bid/3064.
It is recommended that users of these operating systems check with their vendor
for applicable patches, or disable the telnet daemon entirely.
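The following script is an added example of the second recommendation above (disabling the telnet daemon); it is not part of this NIPC assessment. It assumes a classic inetd-based Unix where telnetd is started from an "telnet  stream  tcp ..." entry in /etc/inetd.conf, and it assumes that "netstat -an" and "pkill" are available. The inetd.conf path is passed as a parameter so the edit can first be rehearsed on a copy.

```shell
#!/bin/sh
# Added example (not from the NIPC assessment): disable telnetd on an
# inetd-based Unix and verify nothing is still listening on 23/tcp.
# Assumptions: inetd-style configuration file, "netstat -an" output format,
# and a pkill(1) that can signal inetd by name.

# Comment out every active telnet entry in the given inetd.conf.
# Prints the number of entries disabled; already-commented lines are left alone.
disable_telnet_inetd() {
    conf="$1"
    pattern='^[[:space:]]*telnet[[:space:]]'
    count=$(grep -c "$pattern" "$conf" || true)
    # Portable in-place edit (no GNU-only "sed -i"): write a new file, then replace.
    sed "s/${pattern}/#&/" "$conf" > "$conf.new" && mv "$conf.new" "$conf"
    echo "$count"
}

# Filter "netstat -an" output (read from stdin) down to sockets listening on
# port 23. Handles both the Linux ("0.0.0.0:23") and BSD ("*.23") address styles.
listening_on_23() {
    awk '$NF == "LISTEN" && $4 ~ /[.:]23$/'
}

# inetd only re-reads its configuration on SIGHUP; without this step it keeps
# spawning telnetd from the old file. (Assumes pkill is available.)
reload_inetd() {
    pkill -HUP inetd
}

# Demonstration on a constructed inetd.conf (sample entries, not from a real host).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
EOF
echo "telnet entries disabled: $(disable_telnet_inetd "$demo_conf")"
grep -n telnet "$demo_conf"
rm -f "$demo_conf"

# Constructed netstat line showing what a still-exposed telnetd looks like.
# On a live host run:  netstat -an | listening_on_23   (empty output is the goal)
printf '%s\n' 'tcp        0      0 0.0.0.0:23   0.0.0.0:*   LISTEN' | listening_on_23
```

On a real host, run disable_telnet_inetd against /etc/inetd.conf as root, call reload_inetd, and confirm that "netstat -an | listening_on_23" prints nothing; an existing telnet session is not torn down by the reload, so already-connected intruders must be handled separately.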
Further information on the vulnerability can be found at:
http://www.cert.org/advisories/CA-2001-21.html
http://www.net-security.org/text/bugs/996661549,7633,.shtml
Any information regarding the above worm or any other exploitation of the buffer
overflow vulnerability should be reported to the NIPC or other authorities.
Incidents may be reported online at http://www.nipc.gov/incident/cirr.htm,
directly to the NIPC Watch and Warning Unit at (202) 323-3204/3205/3206 or
nipc.watch@fbi.gov. Government agencies should report incidents to FedCIRC
at http://www.fedcirc.gov, fedcirc@fedcirc.gov, or 1-888-282-0870.