UNIX Authors Rush to Patch Telnet Flaw

Several high-profile distributors of the BSD version of the Telnet protocol have rolled out patches for a critical bug that could cause system-hijack attacks. The bug, which was reported by iDefense Inc., is a remotely exploitable buffer overflow that could allow the execution of arbitrary code with user privileges.

A successful attacker would have to convince the user to launch a Telnet session with a malicious server. A malicious Web page could be designed that could launch the Telnet client on the user's system by clicking a link, or, using the IFRAME tag, by loading the page. Telnet is a protocol that supports virtual terminal sessions across IP networks including the Internet. The Telnet client program provides the interface for the terminal session to the user.

News source: eWeek

Previous Story
Intel withdraws open source license, receives applause
Next Story
Microsoft sues 117 over 'phishing'