Issued:
2005-06-14
Updated:
2005-06-14

RHSA-2005:504 - Security Advisory

Synopsis

telnet security update

Type/Severity

Security Advisory: Moderate

Topic

Updated telnet packages that fix an information disclosure issue are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The telnet package provides a command line telnet client.

Gael Delalleau discovered an information disclosure issue in the way the
telnet client handles messages from a server. An attacker could construct
a malicious telnet server that collects information from the environment of
any victim who connects to it. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-0488 to this issue.

Users of telnet should upgrade to this updated package, which contains a
backported patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Server 2 ia64
  • Red Hat Enterprise Linux Server 2 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Workstation 2 ia64
  • Red Hat Enterprise Linux Workstation 2 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

  • BZ - 159297 - CAN-2005-0488 telnet Information Disclosure Vulnerability

CVEs

References

(none)

Red Hat Enterprise Linux Server 4

SRPM
x86_64
telnet-0.17-31.EL4.3.x86_64.rpm SHA-256: a74cd05c6474f5fe0b632d13def1eb2530c94ddfb2760bc87fcd09a32d48d97f
telnet-0.17-31.EL4.3.x86_64.rpm SHA-256: a74cd05c6474f5fe0b632d13def1eb2530c94ddfb2760bc87fcd09a32d48d97f
telnet-server-0.17-31.EL4.3.x86_64.rpm SHA-256: c8d950147125a9528ea6d29116263056990fdba57a0bbb63993c36aa14fd836a
telnet-server-0.17-31.EL4.3.x86_64.rpm SHA-256: c8d950147125a9528ea6d29116263056990fdba57a0bbb63993c36aa14fd836a
ia64
telnet-0.17-31.EL4.3.ia64.rpm SHA-256: e4213eaf918e099ce4f19a3c4ecb49826d25a893c3e8fc987a323c3098f81380
telnet-0.17-31.EL4.3.ia64.rpm SHA-256: e4213eaf918e099ce4f19a3c4ecb49826d25a893c3e8fc987a323c3098f81380
telnet-server-0.17-31.EL4.3.ia64.rpm SHA-256: d5dd1faa5e93a91c190fee53ab9321cc6239128ba7398a92711b04fe3dfaf6a9
telnet-server-0.17-31.EL4.3.ia64.rpm SHA-256: d5dd1faa5e93a91c190fee53ab9321cc6239128ba7398a92711b04fe3dfaf6a9
i386
telnet-0.17-31.EL4.3.i386.rpm SHA-256: 97aef6811b71b11e46d866e544bb5adb00c7421bda3bfffaa212b8b1fa0af37c
telnet-0.17-31.EL4.3.i386.rpm SHA-256: 97aef6811b71b11e46d866e544bb5adb00c7421bda3bfffaa212b8b1fa0af37c
telnet-server-0.17-31.EL4.3.i386.rpm SHA-256: dbd65c495697692790342bf2442555d62fdf9d93790c99fed20048673445eb80
telnet-server-0.17-31.EL4.3.i386.rpm SHA-256: dbd65c495697692790342bf2442555d62fdf9d93790c99fed20048673445eb80

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
telnet-0.17-31.EL4.3.x86_64.rpm SHA-256: a74cd05c6474f5fe0b632d13def1eb2530c94ddfb2760bc87fcd09a32d48d97f
telnet-server-0.17-31.EL4.3.x86_64.rpm SHA-256: c8d950147125a9528ea6d29116263056990fdba57a0bbb63993c36aa14fd836a
ia64
telnet-0.17-31.EL4.3.ia64.rpm SHA-256: e4213eaf918e099ce4f19a3c4ecb49826d25a893c3e8fc987a323c3098f81380
telnet-server-0.17-31.EL4.3.ia64.rpm SHA-256: d5dd1faa5e93a91c190fee53ab9321cc6239128ba7398a92711b04fe3dfaf6a9
i386
telnet-0.17-31.EL4.3.i386.rpm SHA-256: 97aef6811b71b11e46d866e544bb5adb00c7421bda3bfffaa212b8b1fa0af37c
telnet-server-0.17-31.EL4.3.i386.rpm SHA-256: dbd65c495697692790342bf2442555d62fdf9d93790c99fed20048673445eb80

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
telnet-0.17-31.EL4.3.x86_64.rpm SHA-256: a74cd05c6474f5fe0b632d13def1eb2530c94ddfb2760bc87fcd09a32d48d97f
telnet-server-0.17-31.EL4.3.x86_64.rpm SHA-256: c8d950147125a9528ea6d29116263056990fdba57a0bbb63993c36aa14fd836a
i386
telnet-0.17-31.EL4.3.i386.rpm SHA-256: 97aef6811b71b11e46d866e544bb5adb00c7421bda3bfffaa212b8b1fa0af37c
telnet-server-0.17-31.EL4.3.i386.rpm SHA-256: dbd65c495697692790342bf2442555d62fdf9d93790c99fed20048673445eb80

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
s390x
telnet-0.17-31.EL4.3.s390x.rpm SHA-256: 7f8bc8b3218393832c2f507776be8f0ba8debc204948cb4100183472c4eb02b2
telnet-server-0.17-31.EL4.3.s390x.rpm SHA-256: a22f6d5d64b8c7d0f8559661d9d85d699904e8ba8060fd58a824978f630f5298
s390
telnet-0.17-31.EL4.3.s390.rpm SHA-256: 1d1a6c59b2a71f334f5448f583b91248562f19fe1148e0498b37f500f267a0a6
telnet-server-0.17-31.EL4.3.s390.rpm SHA-256: 0910a469adafcb7d2a27f1e538709592c6658f307cc1c8548365015456c99670

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
telnet-0.17-31.EL4.3.ppc.rpm SHA-256: 71d41cf3288b97d1ba8b47ad3802abc355632581e8f9e39928f913cfd9f15f0c
telnet-server-0.17-31.EL4.3.ppc.rpm SHA-256: 96249e051bc18dcf07dfb5e5ac5a09d02d9b0e90d5399607d96acc6410daa801

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.