CVE-2016-7115

Name: CVE-2016-7115
Description: Buffer overflow in the handle_packet function in mactelnet.c in the client in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to execute arbitrary code via a long string in an MT_CPTYPE_PASSSALT control packet.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-639-1
NVD severity: high (attack range: remote)
Debian Bugs: 836320

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| mactelnet (PTS) | jessie | 0.4.0-1+deb8u1 | fixed |
| mactelnet (PTS) | buster, sid, stretch | 0.4.4-4 | fixed |

The information below is based on the following data on fixed versions.

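| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| mactelnet | source | (unstable) | 0.4.4-4 | high | | 836320 |
| mactelnet | source | jessie | 0.4.0-1+deb8u1 | high | | |
| mactelnet | source | wheezy | 0.3.4-1+deb7u1 | high | DLA-639-1 | |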

Notes

https://github.com/haakonnessjoen/MAC-Telnet/commit/b69d11727d4f0f8cf719c79e3fb700f55ca03e9a
