CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#995038

Debian Linux Netkit telnetd-ssl contains a format string vulnerability

Overview

Debian Linux Netkit telnetd-ssl contains a format string vulnerability that may allow a remote attacker to execute arbitrary code.

I. Description

An unspecified format string vulnerability in Debian Linux Netkit telnetd-ssl may allow a remote attacker to execute arbitrary code on a vulnerable system. According to public reports, exploitation occurs when telnetd-ssl attempts to process specially crafted SSL error messages. No further details are available at this time.

II. Impact

A remote attacker may be able to execute arbitrary code on a vulnerable system.

III. Solution

Upgrade

This problem has been addressed in Debian Linux version 0.17.17+0.1-2woody3 of the stable distribution (woody), and version 0.17.24+0.1-6 of the unstable distribution (sid). Please see the Debian Security Advisory DSA-616-1 for instructions on how to upgrade.

Systems Affected

VendorStatusDate Updated
Debian GNU/LinuxUnknown1-Feb-2005

References


http://secunia.com/advisories/13656/
http://www.debian.org/security/2004/dsa-616

Credit

This vulnerability was reported by Joel Eriksson.

This document was written by Jeff Gennari.

Other Information

Date Public12/23/2004
Date First Published01/13/2005 04:33:39 PM
Date Last Updated02/01/2005
CERT Advisory 
CVE NameCAN-2004-0998
Metric4.30
Document Revision58

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2005 Carnegie Mellon University