CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38336
https://notcve.org/view.php?id=CVE-2023-38336
14 Jul 2023 — netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039689 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-39028 – Ubuntu Security Notice USN-6304-1
https://notcve.org/view.php?id=CVE-2022-39028
30 Aug 2022 — telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not sup... • https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?id=113da8021710d871c7dd72d2a4d5615d42d64289 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 11%CPEs: 361EXPL: 0CVE-2020-10188 – telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code
https://notcve.org/view.php?id=CVE-2020-10188
06 Mar 2020 — utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. El archivo utility.c en telnetd en netkit telnet versiones hasta 0.17, permite a atacantes remotos ejecutar código arbitrario por medio de escrituras cortas o datos urgentes, debido a un desbordamiento del búfer que involucra a las funciones netclear y nextitem. A vulnerability was found where incorre... • https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 1CVE-2019-7283
https://notcve.org/view.php?id=CVE-2019-7283
31 Jan 2019 — An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111. • https://bugs.debian.org/920486 •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 1CVE-2019-7282 – Ubuntu Security Notice USN-5327-1
https://notcve.org/view.php?id=CVE-2019-7282
31 Jan 2019 — In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685. En NetKit hasta la versión 0.17, rcp.c en el cliente rcp permite que los servidores rsh omitan las restricciones de acceso planeadas mediante un nombre de archivo "." o un nombre de archivo vacío. El impacto consiste en modificar los pe... • https://bugs.debian.org/920486 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2007-5769 – netkitftpd-uninit.txt
https://notcve.org/view.php?id=CVE-2007-5769
06 Dec 2007 — Double free vulnerability in the getreply function in ftp.c in netkit ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to cause a denial of service (application crash) and possibly have unspecified other impact via some types of FTP protocol behavior. NOTE: the netkit-ftpd issue is covered by CVE-2007-6263. Una vulnerabilidad de doble liberación en la función getreply en el archivo ftp.c en netkit ftp (netkit-ftp) versión 0.17 20040614 y posteriores, permite que los servidores FTP remotos ... • http://bugs.gentoo.org/show_bug.cgi?id=199206 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 1CVE-2007-6263 – Gentoo Linux Security Advisory 200801-17
https://notcve.org/view.php?id=CVE-2007-6263
06 Dec 2007 — The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue is covered by ... • http://bugs.gentoo.org/show_bug.cgi?id=199206 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2006-6008 – Gentoo Linux Security Advisory 200611-5
https://notcve.org/view.php?id=CVE-2006-6008
21 Nov 2006 — ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778. ftpd en Linux Netkit (linux-ftpd) 0.17, y posiblemente otras versiones, no comprueba el estado que retornan ciertas llamadas a seteuid, setgid, y setuid, lo cual permite a usuarios rem... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384454 •
CVSS: 9.1EPSS: 0%CPEs: 280EXPL: 0CVE-2005-0178 – Ubuntu Security Notice 82-1
https://notcve.org/view.php?id=CVE-2005-0178
16 Feb 2005 — Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores. The Linux kernel suffers from various flaws. Michael Kerrisk noticed insufficient permission checking in the shmctl() function. OGAWA Hirofumi noticed that the table sizes in nls_ascii.c were incorrectly set to 128 instead of 256. This caused a buffer overflow in some cases which could be exploite... • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 •
CVSS: 10.0EPSS: 3%CPEs: 3EXPL: 0CVE-2004-0640 – iDEFENSE Security Advisory 2004-07-08.t
https://notcve.org/view.php?id=CVE-2004-0640
08 Jul 2004 — Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code. Vulnerabilidad de cadena de formato en la función SSL_set_verify en telnetd.c de SSLtlenet daemon (SSLtelnetd) 0.13 permite a atacantes remotos ejecutar código de su elección. iDEFENSE Security Advisory 07.08.04: SSLtelnet contains a format string vulnerability that could allow remote code execution. The problem specifically exists within telnetd.c... • http://www.debian.org/security/2004/dsa-529 •