CVE-2018-20764

NameCVE-2018-20764
DescriptionA buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh (attack range: remote)

Notes

NOT-FOR-US: BoKS
https://bugzilla.redhat.com/show_bug.cgi?id=1676393
https://community.helpsystems.com/knowledge-base/fox-technologies/hotfix/515/
No specific information is provided, but seems caused by BoKS shipping tcpcrypt setuid

Search for package or bug name: Reporting problems