CVE-2019-0053 - log back

CVE-2019-0053 edited at 09 Jun 2021 08:26:28
Description
- inetutils before version 1.9.4.90 contains a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. A stack-based overflow is present in the handling of environment variables when connecting telnet.c to remote telnet servers through oversized DISPLAY arguments.
+ inetutils before version 1.9.4.90 contains a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. A stack-based overflow is present in the handling of environment variables when connecting telnet.c to remote telnet servers through oversized DISPLAY arguments.
CVE-2019-0053 edited at 02 Feb 2021 20:47:04
Description
- inetutils <= 1.9.7 contains a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. A stack-based overflow is present in the handling of environment variables when connecting telnet.c to remote telnet servers through oversized DISPLAY arguments.
+ inetutils before version 1.9.4.90 contains a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. A stack-based overflow is present in the handling of environment variables when connecting telnet.c to remote telnet servers through oversized DISPLAY arguments.
References
https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/inetutils-telnet.txt
+ https://git.savannah.gnu.org/gitweb/?p=inetutils.git;a=commitdiff;h=1480573a908254662074865406ac6fbde4694e5d
+ https://git.savannah.gnu.org/gitweb/?p=inetutils.git;a=commitdiff;h=07fdb4201a3a5e6df92c0929c65671ce4ba8af5a
CVE-2019-0053 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ inetutils <= 1.9.7 contains a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. A stack-based overflow is present in the handling of environment variables when connecting telnet.c to remote telnet servers through oversized DISPLAY arguments.
References
+ https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/inetutils-telnet.txt
Notes