VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 20, 2005· Updated Apr 16, 2026

CVE-2005-2040

CVE-2005-2040

Description

Buffer overflows in Heimdal's telnetd getterminaltype function allow remote code execution before version 0.6.5.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Buffer overflows in Heimdal's telnetd getterminaltype function allow remote code execution before version 0.6.5.

Vulnerability

Multiple buffer overflow vulnerabilities exist in the getterminaltype function of the telnetd server in Heimdal versions prior to 0.6.5. These overflows can be triggered when processing terminal type information during telnet negotiations. The vulnerable code path is reachable without authentication, as telnetd typically accepts connections from any remote host. [2][3]

Exploitation

An attacker can exploit these vulnerabilities by connecting to the telnetd service and sending a specially crafted terminal type string. No authentication is required, and the attacker only needs network access to the telnet port (usually TCP 23). The crafted input causes a buffer overflow, potentially leading to code execution. [2][3]

Impact

Successful exploitation allows remote attackers to execute arbitrary code with the privileges of the telnetd process, typically root. This results in full compromise of the affected system, including unauthorized access, data disclosure, and potential further propagation. [2][3]

Mitigation

The vulnerabilities are fixed in Heimdal version 0.6.5 and later. Users should upgrade to the latest version. For example, Gentoo users should emerge >=app-crypt/heimdal-0.6.5. [3] No workarounds are available. [3]

References
  1. Security - Support
  2. Buffer overflow vulnerabilities (GLSA 200506-24) — Gentoo security

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

14
  • Telnetd/Telnetd13 versions
    cpe:2.3:a:telnetd:telnetd:0.3f:*:*:*:*:*:*:*+ 12 more
    • cpe:2.3:a:telnetd:telnetd:0.3f:*:*:*:*:*:*:*
    • cpe:2.3:a:telnetd:telnetd:0.4a:*:*:*:*:*:*:*
    • cpe:2.3:a:telnetd:telnetd:0.4b:*:*:*:*:*:*:*
    • cpe:2.3:a:telnetd:telnetd:0.4c:*:*:*:*:*:*:*
    • cpe:2.3:a:telnetd:telnetd:0.4d:*:*:*:*:*:*:*
    • cpe:2.3:a:telnetd:telnetd:0.4e:*:*:*:*:*:*:*
    • cpe:2.3:a:telnetd:telnetd:0.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:telnetd:telnetd:0.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:telnetd:telnetd:0.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:telnetd:telnetd:0.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:telnetd:telnetd:0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:telnetd:telnetd:0.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:telnetd:telnetd:0.6.2:*:*:*:*:*:*:*
  • Heimdal/Heimdalllm-fuzzy
    Range: <0.6.5

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.