
CVE-2020-10188 — Junos OS: Arbitrary code execution vulnerability in Telnet server

Disclosure Date: March 06, 2020

Description

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

This issue affects Junos OS 12.3, 12.3X48, 15.1, 15.1X49, 16.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2, 18.2X75, 18.3, 18.4, 19.1, 19.2, 19.3, 19.4, 20.1.

A vulnerability in the telnetd Telnet server allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

This issue only affects systems with inbound Telnet service enabled. SSH service is unaffected by this vulnerability.

This issue affects Juniper Networks Junos OS:

  • 12.3 versions prior to 12.3R12-S16;
  • 12.3X48 versions prior to 12.3X48-D105;
  • 15.1 versions prior to 15.1R7-S7;
  • 15.1X49 versions prior to 15.1X49-D220;
  • 16.1 versions prior to 16.1R7-S8;
  • 17.2 versions prior to 17.2R3-S4;
  • 17.2X75 versions prior to 17.2X75-D45;
  • 17.3 versions prior to 17.3R3-S8;
  • 17.4 versions prior to 17.4R2-S11, 17.4R3-S2;
  • 18.1 versions prior to 18.1R3-S10;
  • 18.2 versions prior to 18.2R3-S5;
  • 18.2X75 versions prior to 18.2X75-D34, 18.2X75-D41, 18.2X75-D430, 18.2X75-D65;
  • 18.3 versions prior to 18.3R2-S4, 18.3R3-S3;
  • 18.4 versions prior to 18.4R2-S5, 18.4R3-S4;
  • 19.1 versions prior to 19.1R2-S2, 19.1R3-S2;
  • 19.2 versions prior to 19.2R1-S5, 19.2R2;
  • 19.3 versions prior to 19.3R2-S3, 19.3R3;
  • 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3;
  • 20.1 versions prior to 20.1R1-S2, 20.1R2.

Telnet service is enabled via the following configuration stanza:

[system services telnet]
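
An added example, not part of the original advisory: a Python check over a saved configuration export (either `display set` or curly-brace form) that reports whether the `[system services telnet]` stanza is present and active. The function names and sample configurations are constructed for illustration, and it assumes deactivated statements are marked with `deactivate` or `inactive:`.

```python
TARGET = ["system", "services", "telnet"]

def _audit_set(lines):
    # "display set" form: a "set" line enables the service; a "deactivate"
    # line on the statement or on any parent stanza marks it inactive.
    enabled = inactive = False
    for words in (line.split() for line in lines):
        if words[0] == "set" and words[1:4] == TARGET:
            enabled = True
        elif (words[0] == "deactivate" and 1 < len(words) <= 4
              and words[1:] == TARGET[:len(words) - 1]):
            inactive = True
    return enabled and not inactive

def _audit_hier(lines):
    # Curly-brace form: track enclosing stanzas and their inactive flags.
    stack = []
    for line in lines:
        if line == "}":
            if stack:
                stack.pop()
            continue
        inactive = line.startswith("inactive: ")
        words = (line[10:] if inactive else line).rstrip("{;").split()
        if not words:
            continue
        if [name for name, _ in stack] + [words[0]] == TARGET:
            if not inactive and not any(flag for _, flag in stack):
                return True
        if line.endswith("{"):
            stack.append((words[0], inactive))
    return False

def telnet_enabled(config_text):
    """Return True if the configuration has an active telnet service."""
    lines = [l.strip() for l in config_text.splitlines()]
    lines = [l for l in lines if l and not l.startswith(("#", "/*"))]
    if any(l.startswith(("set ", "deactivate ")) for l in lines):
        return _audit_set(lines)
    return _audit_hier(lines)

# Constructed sample configurations (not taken from a real device).
SET_SAMPLE = """set system host-name r1
set system services ssh
set system services telnet connection-limit 5
set firewall family inet filter mgmt term t1 from port telnet"""
HIER_SAMPLE = "system {\n    services {\n        ssh;\n        inactive: telnet;\n    }\n}"

if __name__ == "__main__":
    print("set sample exposed:", telnet_enabled(SET_SAMPLE))
    print("hierarchical sample exposed:", telnet_enabled(HIER_SAMPLE))
```

A device flagged by this check is only affected if it also runs one of the releases listed above.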

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

Avoid the use of Telnet service. Enable only SSH access for interactive login.

For example:

# delete system services telnet
# set system services ssh
# commit


CVSS V3 Severity and Metrics

  • Base Score: 9.8 Critical
  • Impact Score: 5.9
  • Exploitability Score: 3.9
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
  • Scope (S): Unchanged
  • Confidentiality (C): High
  • Integrity (I): High
  • Availability (A): High
