Vulnerability Note VU#995038

Debian Linux Netkit telnetd-ssl contains a format string vulnerability

Original Release date: 13 Jan 2005 | Last revised: 01 Feb 2005

Overview

Debian Linux Netkit telnetd-ssl contains a format string vulnerability that may allow a remote attacker to execute arbitrary code.

Description

An unspecified format string vulnerability in Debian Linux Netkit telnetd-ssl may allow a remote attacker to execute arbitrary code on a vulnerable system. According to public reports, exploitation occurs when telnetd-ssl attempts to process specially crafted SSL error messages. No further details are available at this time.

Impact

A remote attacker may be able to execute arbitrary code on a vulnerable system.

Solution

Upgrade

Debian has addressed this problem in version 0.17.17+0.1-2woody3 for the stable distribution (woody) and in version 0.17.24+0.1-6 for the unstable distribution (sid). See Debian Security Advisory DSA-616-1 for upgrade instructions.

Systems Affected

Vendor              Status     Date Notified    Date Updated
Debian GNU/Linux    Unknown    -                01 Feb 2005

CVSS Metrics

Group            Score    Vector
Base             N/A      N/A
Temporal         N/A      N/A
Environmental    N/A      N/A

Credit

This vulnerability was reported by Joel Eriksson.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CAN-2004-0998
  • Date Public: 23 Dec 2004
  • Date First Published: 13 Jan 2005
  • Date Last Updated: 01 Feb 2005
  • Severity Metric: 4.30
  • Document Revision: 58
