CVE-2005-0468
NCSA Telnet - Remote Code Execution via Heap-Based Buffer Overflow in env_opt_add
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2005-0468. PoCs published by Gael Delalleau.
AI-analyzed exploit summary This exploit leverages a buffer overflow in the 'env_opt_add()' function of multiple vendors' Telnet clients by sending a maliciously crafted response to trigger arbitrary code execution. The Perl one-liner generates a payload that exploits the vulnerability when a user connects to a malicious Telnet server.
Description
Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated.
Exploits (1)
This exploit leverages a buffer overflow in the 'env_opt_add()' function of multiple vendors' Telnet clients by sending a maliciously crafted response to trigger arbitrary code execution. The Perl one-liner generates a payload that exploits the vulnerability when a user connects to a malicious Telnet server.