Name | CVE-2018-20764 |
Description | A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
NOT-FOR-US: BoKS
https://bugzilla.redhat.com/show_bug.cgi?id=1676393
https://community.helpsystems.com/knowledge-base/fox-technologies/hotfix/515/
No specific information is provided, but seems caused by BoKS shipping tcpcrypt setuid