Debian Linux Netkit telnetd-ssl contains a format string vulnerability that may allow a remote attacker to execute arbitrary code.
An unspecified format string vulnerability in Debian Linux Netkit telnetd-ssl may allow a remote attacker to execute arbitrary code on a vulnerable system. According to public reports, exploitation occurs when telnetd-ssl attempts to process specially crafted SSL error messages. No further details are available at this time.
A remote attacker may be able to execute arbitrary code on a vulnerable system.
This problem has been addressed in Debian Linux version 0.17.17+0.1-2woody3 of the stable distribution (woody), and version 0.17.24+0.1-6 of the unstable distribution (sid). Please see the Debian Security Advisory DSA-616-1 for instructions on how to upgrade.
This vulnerability was reported by Joel Eriksson.
This document was written by Jeff Gennari.
|Date First Published:||2005-01-13|
|Date Last Updated:||2005-02-01 21:10 UTC|