Debian: 'netkit-telnet-ssl' buffer overflow

    Date: 14 Aug 2001
    Category: Debian
    Posted By: LinuxSecurity Advisories
    The telnet daemon contained in the netkit-telnet-ssl_0.16.3-1 package in the 'stable' (potato) distribution of Debian GNU/Linux is vulnerable to an exploitable overflow in its output handling.
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-075-1                   [email address removed]
    http://www.debian.org/security/                    Robert van der Meulen
    August 14, 2001
    ------------------------------------------------------------------------
    
    
    Package        : netkit-telnet-ssl
    Problem type   : remote exploit
    Debian-specific: no
    
    The telnet daemon contained in the netkit-telnet-ssl_0.16.3-1 package in
    the 'stable' (potato) distribution of Debian GNU/Linux is vulnerable to an
    exploitable overflow in its output handling.
    The original bug was found by <[email address removed]>, and announced to
    bugtraq on Jul 18 2001. At that time, netkit-telnet versions after 0.14 were
    not believed to be vulnerable.
    On Aug 10 2001, zen-parse posted an advisory based on the same problem, for
    all netkit-telnet versions below 0.17.
    More details can be found on http://www.securityfocus.com/archive/1/203000 .
    As Debian uses the 'telnetd' user to run in.telnetd, this is not a remote
    root compromise on Debian systems; the 'telnetd' user can be compromised.
    
    We strongly advise you update your netkit-telnet-ssl packages to the versions
    listed below.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    
    Debian GNU/Linux 2.2 alias potato
    ---------------------------------
    
      Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
    
      Source archives:
         http://security.debian.org/dists/stable/updates/main/source/netkit-telnet-ssl_0.16.3-1.1.diff.gz
          MD5 checksum: 953d3006b9491a441799f73633a72f05
         http://security.debian.org/dists/stable/updates/main/source/netkit-telnet-ssl_0.16.3-1.1.dsc
          MD5 checksum: aed9ded4b4d69dd852dfd5320a8a9cf5
         http://security.debian.org/dists/stable/updates/main/source/netkit-telnet-ssl_0.16.3.orig.tar.gz
          MD5 checksum: 999a416e11e9a9750b0ec2428eeabe1d
    
      Alpha architecture:
         http://security.debian.org/dists/stable/updates/main/binary-alpha/ssltelnet_0.16.3-1.1_alpha.deb
          MD5 checksum: 92680b907a65008e04cc0cf16ce1d87f
         http://security.debian.org/dists/stable/updates/main/binary-alpha/telnet-ssl_0.16.3-1.1_alpha.deb
          MD5 checksum: 4d4f6e8ee1e06eacb416de4733f45170
         http://security.debian.org/dists/stable/updates/main/binary-alpha/telnetd-ssl_0.16.3-1.1_alpha.deb
          MD5 checksum: dec52e65bb6304fd353e2af33adedb7c
    
      ARM architecture:
         http://security.debian.org/dists/stable/updates/main/binary-arm/ssltelnet_0.16.3-1.1_arm.deb
          MD5 checksum: 668f8343d7e6ed824a55d8510723cc2a
         http://security.debian.org/dists/stable/updates/main/binary-arm/telnet-ssl_0.16.3-1.1_arm.deb
          MD5 checksum: c3bacf45513033a66bfefcf370e295c9
         http://security.debian.org/dists/stable/updates/main/binary-arm/telnetd-ssl_0.16.3-1.1_arm.deb
          MD5 checksum: 3241dbd7380b97edec177305694891ae
    
      Intel IA-32 architecture:
         http://security.debian.org/dists/stable/updates/main/binary-i386/ssltelnet_0.16.3-1.1_i386.deb
          MD5 checksum: aec70bdc25994a1a885fac130a426ddc
         http://security.debian.org/dists/stable/updates/main/binary-i386/telnet-ssl_0.16.3-1.1_i386.deb
          MD5 checksum: 4b97d30b1417a9e2ebb8d941c9486451
         http://security.debian.org/dists/stable/updates/main/binary-i386/telnetd-ssl_0.16.3-1.1_i386.deb
          MD5 checksum: a6d456dc0a9789436dd4f92ace9dadf6
    
      Motorola 680x0 architecture:
         http://security.debian.org/dists/stable/updates/main/binary-m68k/ssltelnet_0.16.3-1.1_m68k.deb
          MD5 checksum: a38f77d83afc1daeb9b23a91cdd90478
         http://security.debian.org/dists/stable/updates/main/binary-m68k/telnet-ssl_0.16.3-1.1_m68k.deb
          MD5 checksum: 0cb485fb260ac74b411b8b82bd299d04
         http://security.debian.org/dists/stable/updates/main/binary-m68k/telnetd-ssl_0.16.3-1.1_m68k.deb
          MD5 checksum: 3c6cfd4542145edac7a9c4b55a59a896
    
      PowerPC architecture:
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/ssltelnet_0.16.3-1.1_powerpc.deb
          MD5 checksum: 983ec249db831da8f01e730f5265207e
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/telnet-ssl_0.16.3-1.1_powerpc.deb
          MD5 checksum: f069f9a731337b7bcc60db23ca2707ee
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/telnetd-ssl_0.16.3-1.1_powerpc.deb
          MD5 checksum: 3627da7c28bb071a157f2cab29bd4ad9
    
      Sun Sparc architecture:
         http://security.debian.org/dists/stable/updates/main/binary-sparc/ssltelnet_0.16.3-1.1_sparc.deb
          MD5 checksum: 7c108a2fd7d4a86513baa3849076882a
         http://security.debian.org/dists/stable/updates/main/binary-sparc/telnet-ssl_0.16.3-1.1_sparc.deb
          MD5 checksum: 8951b3d32c086ba5fe81a3f62578dd89
         http://security.debian.org/dists/stable/updates/main/binary-sparc/telnetd-ssl_0.16.3-1.1_sparc.deb
          MD5 checksum: 5ca8897ae2bb3afeb3a0c1b0f34677bc
    
      These packages will be moved into the stable distribution on its next
      revision.
    
    For not yet released architectures please refer to the appropriate
    directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
    
    --
    ----------------------------------------------------------------------------
    apt-get: deb  http://security.debian.org/ stable/updates main
    dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: [email address removed]
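
The `wget` / `dpkg -i` steps in the advisory do not themselves use the MD5 checksums it lists. As an added example (not part of the advisory or of Debian's tooling), this script parses the advisory's URL and `MD5 checksum:` line pairs and rejects any downloaded file that does not match; the function names and the download-directory argument are assumptions.

```shell
#!/bin/sh
# Added example (not part of the advisory): check downloaded packages
# against the advisory's "URL / MD5 checksum:" pairs before dpkg -i.

# Read advisory text on stdin; print "<md5>  <filename>" for each package
# URL that is immediately followed by an "MD5 checksum:" line.
advisory_to_md5list() {
    awk '
        NF == 1 && $1 ~ /^(http|ftp):\/\/.*\.(deb|dsc|gz)$/ {
            n = split($1, parts, "/"); file = parts[n]; next
        }
        $1 == "MD5" && $2 == "checksum:" && file != "" {
            sum = tolower($3)
            if (length(sum) == 32 && sum ~ /^[0-9a-f]+$/) print sum "  " file
        }
        { file = "" }   # a checksum only counts on the line after its URL
    '
}

# verify_packages DIR: advisory text on stdin. Returns 0 only if at least one
# listed file exists in DIR and every listed file found there matches.
verify_packages() {
    dir=$1
    list=$(advisory_to_md5list)
    checked=0
    while read -r sum file; do
        [ -f "$dir/$file" ] || continue      # other architectures: not fetched
        actual=$(md5sum "$dir/$file" | awk '{ print $1 }')
        if [ "$actual" != "$sum" ]; then
            echo "MISMATCH: $file (do not install)" >&2
            return 1
        fi
        checked=$((checked + 1))
    done <<EOF
$list
EOF
    [ "$checked" -gt 0 ]
}

# Demo: the i386 telnetd-ssl entry, quoted from the advisory above.
advisory_to_md5list <<'EOF'
     http://security.debian.org/dists/stable/updates/main/binary-i386/telnetd-ssl_0.16.3-1.1_i386.deb
      MD5 checksum: a6d456dc0a9789436dd4f92ace9dadf6
EOF
```

A matching MD5 shows the download is the file the advisory describes; MD5 is not collision-resistant, so the values are only as trustworthy as the copy of the advisory they were read from.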
    
    
    