Hi!

I've been notified of a security vulnerability in inetutils telnetd, which was reported initially against netkit-telnet, but that one has been fixed in Debian for a very long time (around two decades ago [N]). But the code inherited from the BSDs seems to still be around in inetutils.

I've not yet read the disclosure in detail (it's rather long), and only checked the code superficially. But I've run the PoC exploit on a VM, and while I think the memory layout is different, which makes it trigger the assert, it looks like the inetutils telnetd implementation is still vulnerable?

[N] https://bugs.debian.org/953478

I don't think I'll have time to dig into this quickly so I'd appreciate if someone else could have a peek? The relevant information is:

Debian inetutils report <https://bugs.debian.org/956084>
<https://security-tracker.debian.org/tracker/CVE-2020-10188>
<https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html>
PoC exploit: <https://raw.githubusercontent.com/immunityinc/bravestarr/master/bravestarr.py>

Thanks,
Guillem
