Debian: 'netkit-telnet' buffer overflow

    Date: 10 Aug 2001
    Category: Debian
    Posted By: LinuxSecurity Advisories
    The telnet daemon contained in the netkit-telnet_0.16-4potato1 package in the 'stable' (potato) distribution of Debian GNU/Linux is vulnerable to an exploitable overflow in its output handling.
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-070-1
    http://www.debian.org/security/                    Robert van der Meulen
    August 10, 2001
    ------------------------------------------------------------------------
    
    
    Package        : netkit-telnet
    Problem type   : remote exploit
    Debian-specific: no
    
    The telnet daemon contained in the netkit-telnet_0.16-4potato1 package in
    the 'stable' (potato) distribution of Debian GNU/Linux is vulnerable to an
    exploitable overflow in its output handling.
    The original bug was found by <address obscured>, and announced to
    bugtraq on Jul 18 2001. At that time, netkit-telnet versions after 0.14 were
    not believed to be vulnerable.
    On Aug 10 2001, zen-parse posted an advisory based on the same problem, for
    all netkit-telnet versions below 0.17.
    More details can be found on  http://www.securityfocus.com/archive/1/203000 .
    As Debian uses the 'telnetd' user to run in.telnetd, this is not a remote
    root compromise on Debian systems; the 'telnetd' user can be compromised.
    
    We strongly advise you update your netkit-telnet packages to the versions
    listed below.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    
    Debian GNU/Linux 2.2 alias potato
    ---------------------------------
    
      Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
    
      Source archives:
         http://security.debian.org/dists/stable/updates/main/source/netkit-telnet_0.16-4potato.2.diff.gz
          MD5 checksum: 7da3f346ec6f75cf9069a60627b5d846
         http://security.debian.org/dists/stable/updates/main/source/netkit-telnet_0.16.orig.tar.gz
          MD5 checksum: d829b432eec6a2ff0d866869445f1303
         http://security.debian.org/dists/stable/updates/main/source/netkit-telnet_0.16-4potato.2.dsc
          MD5 checksum: 197bce85871845b0223b4fa9038c1cb3
    
      Alpha architecture:
         http://security.debian.org/dists/stable/updates/main/binary-alpha/telnet_0.16-4potato.2_alpha.deb
          MD5 checksum: 8baae434348115c1a261858b851b3771
         http://security.debian.org/dists/stable/updates/main/binary-alpha/telnetd_0.16-4potato.2_alpha.deb
          MD5 checksum: f54812129a40d2c2df3d17817612274b
    
      ARM architecture:
         http://security.debian.org/dists/stable/updates/main/binary-arm/telnet_0.16-4potato.2_arm.deb
          MD5 checksum: 0e0c673d7b4ec972c7206c8d3d7c33b6
         http://security.debian.org/dists/stable/updates/main/binary-arm/telnetd_0.16-4potato.2_arm.deb
          MD5 checksum: 8c6c832af4b2aa002fe5e7d28a9fe862
    
      Intel IA-32 architecture:
         http://security.debian.org/dists/stable/updates/main/binary-i386/telnet_0.16-4potato.2_i386.deb
          MD5 checksum: 9bdc63c4b0dee55a5ded30203edfd619
         http://security.debian.org/dists/stable/updates/main/binary-i386/telnetd_0.16-4potato.2_i386.deb
          MD5 checksum: a65483b5f60a14b69ef81e51a596bd84
    
      Motorola 680x0 architecture:
         http://security.debian.org/dists/stable/updates/main/binary-m68k/telnet_0.16-4potato.2_m68k.deb
          MD5 checksum: 93ddab1a31a37cc9495d0432cb05ff4e
         http://security.debian.org/dists/stable/updates/main/binary-m68k/telnetd_0.16-4potato.2_m68k.deb
          MD5 checksum: 487c5b972e568d7dff4e2ad71349dc57
    
      PowerPC architecture:
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/telnet_0.16-4potato.2_powerpc.deb
          MD5 checksum: 7e3d66416e88aa069d15d1cef64974b3
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/telnetd_0.16-4potato.2_powerpc.deb
          MD5 checksum: 2738a29f80edeabc9fa7109253364dd0
    
      Sun Sparc architecture:
         http://security.debian.org/dists/stable/updates/main/binary-sparc/telnet_0.16-4potato.2_sparc.deb
          MD5 checksum: fef54ee3d64113ff1cdb0d9f4437f34e
         http://security.debian.org/dists/stable/updates/main/binary-sparc/telnetd_0.16-4potato.2_sparc.deb
          MD5 checksum: 91469be1ac617b246e459210a11aca8e
    
      These packages will be moved into the stable distribution on its next
      revision.
    
    For not yet released architectures please refer to the appropriate
    directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
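
The wget / dpkg -i steps and the URL + "MD5 checksum:" listing above, combined into a check that runs between download and install. This is an added example, not part of the Debian advisory; the function names, the example host and the package name are assumptions, and the parser tolerates a URL whose tail has wrapped onto the next line.

```shell
#!/bin/sh
# Added example, not from the advisory: pair each package URL in a DSA-style
# listing with the "MD5 checksum:" line after it, then check a download.

# advisory_sums: advisory text on stdin -> "<md5>  <file name>" lines.
advisory_sums() {
    awk '
        /^[ \t]*(http|ftp):\/\// { gsub(/[ \t]/, ""); url = $0; next }
        /MD5 checksum:/ {
            if (url != "") { n = split(url, p, "/"); print $NF "  " p[n] }
            url = ""; next
        }
        # A lone token directly after a URL is the wrapped tail of that URL.
        url != "" && NF == 1 { url = url $1; next }
        { url = "" }
    '
}

# verify_pkg FILE SUMS: 0 if FILE matches the MD5 listed for its name,
# 1 on mismatch, 2 if the listing has no checksum for that name.
verify_pkg() {
    want=$(awk -v f="$(basename "$1")" '$2 == f { print $1; exit }' "$2")
    [ -n "$want" ] || return 2
    got=$(md5sum "$1" | awk '{ print $1 }')
    [ "$got" = "$want" ]
}

# Constructed sample: host and package name are hypothetical, and
# d41d8cd9... is the MD5 of empty input, so only an empty file passes.
demo() {
    d=$(mktemp -d) && : > "$d/example_1.0-1_all.deb"
    advisory_sums > "$d/sums" <<'EOF'
      Example architecture:
         http://security.example.org/pool/example_1.0-1_a
ll.deb
          MD5 checksum: d41d8cd98f00b204e9800998ecf8427e
EOF
    verify_pkg "$d/example_1.0-1_all.deb" "$d/sums"; rc=$?
    rm -rf "$d"; return $rc
}

# Install only after the check passes, e.g.: verify_pkg f.deb sums && dpkg -i f.deb
demo && echo "checksum matches the listing"
```

A match shows only that the download is the file the listing describes; the listing itself has to come from a copy of the advisory you trust.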
    
    --
    ----------------------------------------------------------------------------
    apt-get: deb  http://security.debian.org/ stable/updates main
    dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: [address obscured]
    
    
    