Script telnet-encryption

Script types: portrule
Categories: safe, discovery
Download: https://svn.nmap.org/nmap/scripts/telnet-encryption.nse

Script Summary

Determines whether the encryption option is supported on a remote telnet server. Some systems (including FreeBSD and the krb5 telnetd available in many Linux distributions) implement this option incorrectly, leading to a remote root vulnerability. This script currently only tests whether encryption is supported, not for that particular vulnerability.

References:

• FreeBSD Advisory: http://lists.freebsd.org/pipermail/freebsd-announce/2011-December/001398.html
• FreeBSD Exploit: http://www.exploit-db.com/exploits/18280/
• RedHat Enterprise Linux Advisory: https://rhn.redhat.com/errata/RHSA-2011-1854.html

Example Usage

nmap -p 23 <ip> --script telnet-encryption

Script Output

PORT   STATE SERVICE REASON
23/tcp open  telnet  syn-ack
| telnet-encryption:
|_  Telnet server supports encryption

Requires

• nmap
• shortport
• stdnse
• string
• table

---

Authors:

• Patrik Karlsson
• David Fifield
• Fyodor

License: Same as Nmap--See https://nmap.org/book/man-legal.html