Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

SuSE Information for VU#745371

Date Notified:
Date Updated:
Statement Date:
Status Summary:Vulnerable

Vendor Statement

 The 7.x distribution update directories contain update packages for the recently discovered in.telnetd security problem (buffer overflow). While we are working for a solution for the 6.x distribution, the available packages are ready for use. It is recommended to apply these updates as soon as possible. The packages for the 7.1 distribution are called nkitserv.rpm, for 7.2 it's called telnet-server.rpm. The packages for the 6.x distributions prove to worksome because of a much older codebase and changed behaviour of parts of the glibc. We hope to be able to provide a suitable solution soon.
We recommend to disable the telnet service by commenting it out from the /etc/inetd.conf file (with a following "killall -HUP inetd" to make inetd re-read its config file) until an update package for your distribution is available. If you do not need the telnet server service, you should leave the service disabled even if you have applied an update package to your system.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

SuSE has released a security announcement related to this vulnerability. It is located at http://www.suse.com/de/support/security/2001_029_nkitb_txt.txt.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information