Debian Security Advisory

DSA-529-1 netkit-telnet-ssl -- format string

Date Reported:

17 Jul 2004

Affected Packages:

netkit-telnet-ssl

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2004-0640.

More information:

"b0f" discovered a format string vulnerability in netkit-telnet-ssl which could potentially allow a remote attacker to cause the execution of arbitrary code with the privileges of the telnet daemon (the 'telnetd' user by default).

For the current stable distribution (woody), this problem has been fixed in version 0.17.17+0.1-2woody1.

For the unstable distribution (sid), this problem has been fixed in version 0.17.24+0.1-2.

We recommend that you update your netkit-telnet-ssl package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:: http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody1.dsc; http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody1.diff.gz; http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1.orig.tar.gz
ARM:: http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_arm.deb; http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_i386.deb; http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_ia64.deb; http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_hppa.deb; http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_m68k.deb; http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_mips.deb; http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_mipsel.deb; http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_powerpc.deb; http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_s390.deb; http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_sparc.deb; http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.