CVE-2005-0468

Publication date 2 May 2005

Last updated 24 July 2024

Ubuntu priority

Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
krb4	7.04 feisty	Not in release
	6.10 edgy	Fixed 1.2.2-11.3ubuntu4
	6.06 LTS dapper	Fixed 1.2.2-11.3ubuntu4
krb5	7.04 feisty	Fixed 1.4.4-5ubuntu3.3
	6.10 edgy	Fixed 1.4.3-9ubuntu1.5
	6.06 LTS dapper	Fixed 1.4.3-5ubuntu0.6
netkit-telnet	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-224-1
Kerberos vulnerabilities
6 December 2005

Other references

https://www.cve.org/CVERecord?id=CVE-2005-0468