CVE-2022-39028: 
NixOS Schwachstellenanalyse und -minderung

CVE-2022-39028 is a vulnerability affecting telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works. The vulnerability was discovered in August 2022 and involves a NULL pointer dereference that can be triggered by sending specific byte sequences (0xff 0xf7 or 0xff 0xf8) to the telnet server (NVD, Debian Tracker).

The vulnerability exists in the telrcv() function within the telnetd component. When processing certain telnet commands (EC - Erase Character or EL - Erase Line), the code attempts to dereference a pointer without first checking if it's NULL. The vulnerability can be triggered by sending two specific byte sequences: either 0xff 0xf7 or 0xff 0xf8. This leads to a NULL pointer dereference and subsequent crash of the telnet daemon (Bug Report).

When exploited, the vulnerability causes the telnetd process to crash due to the NULL pointer dereference. In typical installations where telnetd runs under inetd, the service would remain available but repeated crashes within a short time interval could lead to service termination with an error message "telnet/tcp server failing (looping), service terminated" (Debian LTS).

The issue has been patched in various distributions. Ubuntu has released updates for affected versions (20.04 LTS and 22.04 LTS). For Ubuntu 20.04, the fixed version is 2:1.9.4-11ubuntu0.2, and for Ubuntu 22.04, it's 2:2.2-2ubuntu0.1. The patch involves properly checking for NULL pointers before dereferencing them (Ubuntu Notice).