Arch Linux Security Advisory ASA-202106-20
==========================================

Severity: High
Date    : 2021-06-09
CVE-ID  : CVE-2019-0053 CVE-2020-10188
Package : inetutils
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1003

Summary
=======

The package inetutils before version 2.0-1 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 2.0-1.

# pacman -Syu "inetutils>=2.0-1"

The problems have been fixed upstream in version 2.0.

Workaround
==========

None.

Description
===========

- CVE-2019-0053 (arbitrary code execution)

inetutils before version 1.9.4.90 contains a stack overflow
vulnerability in the client-side environment variable handling which
can be exploited to escape restricted shells on embedded devices. A
stack-based overflow is present in the handling of environment
variables when connecting telnet.c to remote telnet servers through
oversized DISPLAY arguments.

- CVE-2020-10188 (arbitrary code execution)

A vulnerability was found in inetutils before version 1.9.4.91 where
incorrect bounds checks in the telnet server’s (telnetd) handling of
short writes and urgent data could lead to information disclosure and
corruption of heap data. An unauthenticated remote attacker could
exploit these bugs by sending specially crafted telnet packets to
achieve arbitrary code execution in the telnet server.

Impact
======

Requesting environment variables with crafted contents could lead to
arbitrary code execution in a telnet client. Additionally an
unauthenticated remote attacker could execute arbitrary code on a telnet
server via crafted packets.

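The script below is an added example, not part of the advisory or of the
inetutils project. It compares an installed inetutils version against the
fixed version 2.0-1 and reports whether a listener on TCP port 23 is
present. The function names, and the fallback to GNU sort -V when pacman's
vercmp is not available, are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a host against ASA-202106-20 (inetutils < 2.0-1).
FIXED="2.0-1"   # fixed package version, taken from the advisory

# ver_lt A B: succeed when version A sorts strictly before version B.
# Uses pacman's vercmp when present. Otherwise falls back to GNU
# `sort -V`, an approximation (no epoch handling) chosen for this
# example so the check also works away from an Arch host.
ver_lt() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$1" != "$2" ] &&
            [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
    fi
}

# inetutils_state VERSION: print "vulnerable" or "fixed".
inetutils_state() {
    if ver_lt "$1" "$FIXED"; then echo vulnerable; else echo fixed; fi
}

# audit_host: report the installed package version and whether anything
# listens on TCP/23 (the telnetd side described under CVE-2020-10188).
audit_host() {
    ver=$(pacman -Q inetutils 2>/dev/null | awk '{print $2}')
    if [ -z "$ver" ]; then
        echo "inetutils: not installed"
        return 0
    fi
    echo "inetutils $ver: $(inetutils_state "$ver")"
    if command -v ss >/dev/null 2>&1 &&
        ss -Htln 'sport = :23' 2>/dev/null | grep -q .; then
        echo "TCP/23 listener present: check whether telnetd is exposed"
    fi
}

# Only query the package database on hosts that actually have pacman.
if command -v pacman >/dev/null 2>&1; then
    audit_host
fi
```

A "vulnerable" result calls for the upgrade given under Resolution, since
the advisory lists no workaround.
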
References
==========

https://bugs.archlinux.org/task/70040
https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/inetutils-telnet.txt
https://git.savannah.gnu.org/gitweb/?p=inetutils.git;a=commitdiff;h=1480573a908254662074865406ac6fbde4694e5d
https://git.savannah.gnu.org/gitweb/?p=inetutils.git;a=commitdiff;h=07fdb4201a3a5e6df92c0929c65671ce4ba8af5a
https://bugzilla.redhat.com/show_bug.cgi?id=1811673
https://git.savannah.gnu.org/gitweb/?p=inetutils.git;a=commitdiff;h=cd7e7e685daeafb68f19347747af6340731a4518
https://security.archlinux.org/CVE-2019-0053
https://security.archlinux.org/CVE-2020-10188