{
  "threat_severity" : "Important",
  "public_date" : "2020-02-28T00:00:00Z",
  "bugzilla" : {
    "description" : "telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code",
    "id" : "1811673",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1811673"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-119",
  "details" : [ "utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.", "A vulnerability was found where incorrect bounds checks in the telnet server’s (telnetd) handling of short writes and urgent data, could lead to information disclosure and corruption of heap data. An unauthenticated remote attacker could exploit these bugs by sending specially crafted telnet packets to achieve arbitrary code execution in the telnet server." ],
  "statement" : "This vulnerability exists in the `telnet-server` package, not in the `telnet` client-side package. For a Red Hat Enterprise Linux host to be vulnerable, it must have telnet-server installed and the telnetd service enabled.  Use of telnetd is not recommended, as it is an un-encrypted protocol with cleartext transmission of passwords; alternatives such as openssh are preferred.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2020-04-06T00:00:00Z",
    "advisory" : "RHSA-2020:1335",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "telnet-1:0.17-49.el6_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2020-04-07T00:00:00Z",
    "advisory" : "RHSA-2020:1349",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "krb5-appl-0:1.0.1-10.el6_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-04-06T00:00:00Z",
    "advisory" : "RHSA-2020:1334",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "telnet-1:0.17-65.el7_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)",
    "release_date" : "2022-01-04T00:00:00Z",
    "advisory" : "RHSA-2022:0011",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.6",
    "package" : "telnet-1:0.17-65.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Telco Extended Update Support",
    "release_date" : "2022-01-04T00:00:00Z",
    "advisory" : "RHSA-2022:0011",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.6",
    "package" : "telnet-1:0.17-65.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions",
    "release_date" : "2022-01-04T00:00:00Z",
    "advisory" : "RHSA-2022:0011",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.6",
    "package" : "telnet-1:0.17-65.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Advanced Update Support",
    "release_date" : "2022-01-18T00:00:00Z",
    "advisory" : "RHSA-2022:0158",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.7",
    "package" : "telnet-1:0.17-65.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Telco Extended Update Support",
    "release_date" : "2022-01-18T00:00:00Z",
    "advisory" : "RHSA-2022:0158",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.7",
    "package" : "telnet-1:0.17-65.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions",
    "release_date" : "2022-01-18T00:00:00Z",
    "advisory" : "RHSA-2022:0158",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.7",
    "package" : "telnet-1:0.17-65.el7_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-04-06T00:00:00Z",
    "advisory" : "RHSA-2020:1318",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "telnet-1:0.17-73.el8_1.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
    "release_date" : "2020-04-07T00:00:00Z",
    "advisory" : "RHSA-2020:1342",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.0",
    "package" : "telnet-1:0.17-73.el8_0.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "telnet",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-10188\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10188" ],
  "name" : "CVE-2020-10188",
  "mitigation" : {
    "value" : "When in enforcing mode, SELinux as configured in Red Hat Enterprise Linux provides some mitigation against an exploit for telnet-server, because it limits the kind of operations it can perform and programs that can be run from the telnet-server's context.",
    "lang" : "en:us"
  },
  "csaw" : false
}