Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2001-0554 — Classic Buffer Overflow in Linux
Severity
10.0CRITICALNVD
EPSS
16.7%
top 5.06%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedAug 14
Latest updateMay 3
Description
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
CVSS vector
AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0
Affected Packages8 packages
Also affects: Netbsd 1.0, 1.1, 1.2, 1.2.1, 1.3, 1.3.1, 1.3.2, 1.3.3, 1.4, 1.4.1, 1.4.2, 1.4.3, 1.5, 1.5.1, Freebsd 2.0, 2.0.1, 2.0.5, 2.1, 2.1.0, 2.1.5, 2.1.6, 2.1.6.1, 2.1.7, 2.1.7.1, 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.5.1, 4.0, 4.1, 4.1.1, 4.2, 4.3, Debian Linux 2.2
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-cxg3-hwc8-9mx4: Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of opt↗2022-05-03
CVEList▶
CVE-2001-0554: Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of opt↗2002-03-09
💥Exploits & PoCs
1Exploit-DB▶
Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Remote Buffer Overflow↗2001-07-18