Linux Security
    Linux Security
    Linux Security

    Debian: netkit-telnet denial of service real fix

    Date 18 Oct 2004
    Posted By LinuxSecurity Advisories
    Michal Zalewski discovered a bug in the netkit-telnet server (telnetd) whereby a remote attacker could cause the telnetd process to free an invalid pointer.
    Debian Security Advisory DSA 556-2                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
    XXXXX 8th, 2004                
    Package        : netkit-telnet
    Vulnerability  : invalid free(3)
    Problem-Type   : remote
    Debian-specific: yes
    CVE ID         : CAN-2004-0911
    Debian Bug     : 273694
    This is an update for DSA 556-1 which was intended to fix a denial of
    service situation in netkit-telnet but didn't.  The update for
    unstable did fix the problem.  For completeness below is the original
    advisory text:
      Michal Zalewski discovered a bug in the netkit-telnet server (telnetd)
      whereby a remote attacker could cause the telnetd process to free an
      invalid pointer.  This causes the telnet server process to crash,
      leading to a straightforward denial of service (inetd will disable the
      service if telnetd is crashed repeatedly), or possibly the execution
      of arbitrary code with the privileges of the telnetd process (by
      default, the 'telnetd' user).
      For the unstable distribution (sid) this problem has been fixed in
      version 0.17-26.
    For the stable distribution (woody) this problem has been fixed in
    version 0.17-18woody2.
    We recommend that you upgrade your netkit-telnet-ssl package.
    Upgrade Instructions
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.0 alias woody
      Source archives:
          Size/MD5 checksum:      602 5c4291548c60df2607baabc8af77fe88
          Size/MD5 checksum:    21969 e29d25caa0138fe87b26f2fee609698d
          Size/MD5 checksum:   133749 d6beabaaf53fe6e382c42ce3faa05a36
      Alpha architecture:
          Size/MD5 checksum:    84150 5cd0073e1d87493de0e9347e08b33e4c
          Size/MD5 checksum:    45804 4f5924c6b71a716bbae5ff32aebdaee1
      ARM architecture:
          Size/MD5 checksum:    69924 8bb25a534f053a693aa971df0e15d71f
          Size/MD5 checksum:    39618 2cfc8d96f00bb739333adf0659caceb6
      Intel IA-32 architecture:
          Size/MD5 checksum:    70944 f8361dcb79029ba42c929a4eec1c9f2c
          Size/MD5 checksum:    38594 8619caa3b44632443cde32a032100d3f
      Intel IA-64 architecture:
          Size/MD5 checksum:   102740 d9839694911c708b6e76de4f41434b24
          Size/MD5 checksum:    52486 8d7c4b6f977d5f01e93ef2437829202d
      HP Precision architecture:
          Size/MD5 checksum:    69972 f5eb1bcafb1306cad596edc9e177eb7d
          Size/MD5 checksum:    43514 00b12715674693c3413dc74393d13cd7
      Motorola 680x0 architecture:
          Size/MD5 checksum:    67156 3a4ba0fc24b5fbdc6cd07dfe369ff051
          Size/MD5 checksum:    37452 951df56394fe48d8b2545c9595280307
      Big endian MIPS architecture:
          Size/MD5 checksum:    80850 b2b47cef8c63aeae88939319ccffeb4a
          Size/MD5 checksum:    42610 3da3497520b9b63aa76860249ffa19a8
      Little endian MIPS architecture:
          Size/MD5 checksum:    80746 23cc994b10106a96da77b8b4c09db293
          Size/MD5 checksum:    42602 eaa443670708c98ca589e8c79b7e130d
      PowerPC architecture:
          Size/MD5 checksum:    73210 279bd225fed44479f70d231244378a34
          Size/MD5 checksum:    40256 ded106aca9111c910eed3e0c8471f90d
      IBM S/390 architecture:
          Size/MD5 checksum:    73160 4b6a667921fad470fc9cf2ea5a337987
          Size/MD5 checksum:    41218 25a8ed701f933546d375626adc5af142
      Sun Sparc architecture:
          Size/MD5 checksum:    74160 ec213a37a00451e2c6d7e0ef8867acae
          Size/MD5 checksum:    45324 8af7b133cbf41eafc21886bed81b1c84
      These files will probably be moved into the stable distribution on
      its next update.
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"8","type":"x","order":"1","pct":27.59,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":20.69,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":51.72,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.