Bugzilla – Bug 59563
VUL-0: CVE-2001-0554: telnet: Question about old telnet cert advisory
Last modified: 2021-09-26 10:28:15 UTC
Request from: mkprice@us.ibm.com

--8<--
PRODUCT: SLES S/390 8

(Please ignore if my previous attempt at creating this request succeeded.)

We have a customer who has recently purchased a network vulnerability tool from xforce. When he runs this on his SLES8 SP3 system, he gets a warning that the system is suffering from the TelnetdOptionTelrcvBo problem. This keyword appears to be uniquely associated with CVE-2001-0554 (CERT 745371), an old buffer overflow issue with telnetd.

The security advisory precedes SLES8, and the patch for the problem appears in the version of telnet-server that the customer is running (telnet-server-1.0-140). Furthermore, we cannot recreate CERT 745371 here in house.

We are attempting to speak with xforce to find out why their product is producing this warning message, but because the customer is so anxious about this, I promised that I would enquire from SuSE if you are aware of any outstanding buffer overflow problems with the current version of telnet-server.
-->8--
Not sure whether we provide such information at all. But a statement would be appreciated.
Good old times. :) This bug was fixed by Thorsten 3 years ago when this issue came up:

-------------------------------------------------------------------
Tue Aug 14 13:54:53 CEST 2001 - kukuk@suse.de
- Add more fixes for possible security problems
-------------------------------------------------------------------
Fri Jul 27 11:09:03 CEST 2001 - kukuk@suse.de
- Add fix for possible problems with buffer overruns
-------------------------------------------------------------------

Maybe the scanner produces a "False Positive".
Thanks, the customer is satisfied with this response. I will close the report.
CVE-2001-0554: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)