CVE-2020-10188

high

Published 2020-04-06 · Modified 2020-04-06

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

8.0

Description

RHSA-2020:1318: telnet security update (Important)

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code Red Hat statement This vulnerability exists in the `telnet-server` package, not in the `telnet` client-side package. For a Red Hat Enterprise Linux host to be vulnerable, it must have telnet-server installed and the telnetd service enabled. Use of telnetd is not recommended, as it is an…

Description

telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code

Red Hat statement

This vulnerability exists in the `telnet-server` package, not in the `telnet` client-side package. For a Red Hat Enterprise Linux host to be vulnerable, it must have telnet-server installed and the telnetd service enabled. Use of telnetd is not recommended, as it is an un-encrypted protocol with cleartext transmission of passwords; alternatives such as openssh are preferred.

CVSS v3: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 6	`telnet-1:0.17-49.el6_10`	RHSA-2020:1335	2020-04-06T00:00:00Z
Red Hat Enterprise Linux 6	`krb5-appl-0:1.0.1-10.el6_10`	RHSA-2020:1349	2020-04-07T00:00:00Z
Red Hat Enterprise Linux 7	`telnet-1:0.17-65.el7_8`	RHSA-2020:1334	2020-04-06T00:00:00Z
Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)	`telnet-1:0.17-65.el7_6`	RHSA-2022:0011	2022-01-04T00:00:00Z
Red Hat Enterprise Linux 7.6 Telco Extended Update Support	`telnet-1:0.17-65.el7_6`	RHSA-2022:0011	2022-01-04T00:00:00Z
Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions	`telnet-1:0.17-65.el7_6`	RHSA-2022:0011	2022-01-04T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support	`telnet-1:0.17-65.el7_7`	RHSA-2022:0158	2022-01-18T00:00:00Z
Red Hat Enterprise Linux 7.7 Telco Extended Update Support	`telnet-1:0.17-65.el7_7`	RHSA-2022:0158	2022-01-18T00:00:00Z
Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions	`telnet-1:0.17-65.el7_7`	RHSA-2022:0158	2022-01-18T00:00:00Z
Red Hat Enterprise Linux 8	`telnet-1:0.17-73.el8_1.1`	RHSA-2020:1318	2020-04-06T00:00:00Z
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions	`telnet-1:0.17-73.el8_0.1`	RHSA-2020:1342	2020-04-07T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 5	`telnet`	Out of support scope

Apply commands

bash fix

Apply RHSA-2020:1335 for Red Hat Enterprise Linux 6

yum update -y telnet
# or:
dnf upgrade -y telnet

OS impact

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

Arch Fixed 1 release

Version	Status	Fixed in
—	Fixed	`2.0-1`

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`2:1.9.4-12`
sid	Fixed	`2:1.9.4-12`
forky	Fixed	`2:1.9.4-12`
bullseye	Fixed	`2:1.9.4-12`
bookworm	Fixed	`2:1.9.4-12`

Red Hat Fixed 1 release

Version	Status	Fixed in
8	Fixed	—

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.