Risk: High
Several high-profile distributors of the BSD derived versions of the Telnet client have rolled out patches for a critical bug that could cause system-hijack attacks.
The bug is a remotely exploitable buffer overflow that could allow the execution of arbitrary code with user privileges.
A successful attacker would have to convince the user to launch a Telnet session with a malicious server. A malicious web page could be designed that could launch the Telnet client on the user's system by clicking a link, or, using the IFRAME tag, by loading the page.
Telnet is a protocol that supports virtual terminal sessions across IP networks including the Internet. The Telnet client program provides the interface for the terminal session to the user.
The vulnerability exists in the main Telnet client program distributed by large numbers of vendors, including MIT's Kerberos network authentication system. It is possible for data of a particular size and nature to overflow a fixed-size buffer.
OpenBSD, MIT, Apple, FreeBSD and many Linux distributions, due to their inclusion of Kerberos, have issued advisories and patches.