Candidate: CVE-2016-7115
PublicDate: 2016-08-30 17:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7115
 https://github.com/haakonnessjoen/MAC-Telnet/commit/b69d11727d4f0f8cf719c79e3fb700f55ca03e9a
 https://github.com/haakonnessjoen/MAC-Telnet/pull/20
Description:
 Buffer overflow in the handle_packet function in mactelnet.c in the client
 in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to execute
 arbitrary code via a long string in an MT_CPTYPE_PASSSALT control packet.
Ubuntu-Description:
 It was discovered that mactelnet mishandled certain input. If a victim
 were tricked into connecting to a malicious telnet server, a remote,
 unauthenticated attacker could execute arbitrary code.
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_mactelnet:
 upstream: https://github.com/haakonnessjoen/MAC-Telnet/commit/b69d11727d4f0f8cf719c79e3fb700f55ca03e9a
upstream_mactelnet: released (4.0-1+deb8u1, 4.4-4)
precise_mactelnet: released (0.3.4-1+deb7u1build0.12.04.1)
precise/esm_mactelnet: DNE (precise was released [0.3.4-1+deb7u1build0.12.04.1])
trusty_mactelnet: released (0.4.0-1+deb8u1build0.14.04.1)
trusty/esm_mactelnet: DNE (trusty was released [0.4.0-1+deb8u1build0.14.04.1])
vivid/stable-phone-overlay_mactelnet: DNE
vivid/ubuntu-core_mactelnet: DNE
xenial_mactelnet: ignored (end of standard support, was needed)
yakkety_mactelnet: ignored (reached end-of-life)
zesty_mactelnet: ignored (reached end-of-life)
artful_mactelnet: ignored (reached end-of-life)
bionic_mactelnet: not-affected (0.4.4-4)
cosmic_mactelnet: not-affected (0.4.4-4)
disco_mactelnet: not-affected (0.4.4-4)
eoan_mactelnet: not-affected (0.4.4-4)
focal_mactelnet: not-affected (0.4.4-4)
groovy_mactelnet: not-affected (0.4.4-4)
hirsute_mactelnet: not-affected (0.4.4-4)
impish_mactelnet: not-affected (0.4.4-4)
jammy_mactelnet: not-affected (0.4.4-4)
devel_mactelnet: not-affected (0.4.4-4)