Debian: 'netkit-telnet-ssl' buffer overflow

    Date 14 Aug 2001
    Posted By LinuxSecurity Advisories
    The telnet daemon contained in the netkit-telnet-ssl_0.16.3-1 package in the 'stable' (potato) distribution of Debian GNU/Linux is vulnerable to an exploitable overflow in its output handling.
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-075-1
    https://www.debian.org/security/                    Robert van der Meulen
    August 14, 2001
    ------------------------------------------------------------------------
    
    
    Package        : netkit-telnet-ssl
    Problem type   : remote exploit
    Debian-specific: no
    
    The telnet daemon contained in the netkit-telnet-ssl_0.16.3-1 package in
    the 'stable' (potato) distribution of Debian GNU/Linux is vulnerable to an
    exploitable overflow in its output handling.
    The original bug was found by <email address redacted> and announced to
    bugtraq on Jul 18 2001. At that time, netkit-telnet versions after 0.14 were
    not believed to be vulnerable.
    On Aug 10 2001, zen-parse posted an advisory based on the same problem, for
    all netkit-telnet versions below 0.17.
    More details can be found at https://www.securityfocus.com/archive/1/203000 .
    As Debian uses the 'telnetd' user to run in.telnetd, this is not a remote
    root compromise on Debian systems; instead, the 'telnetd' user can be
    compromised.
    
    We strongly advise you to update your netkit-telnet-ssl packages to the
    versions listed below.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    
    Debian GNU/Linux 2.2 alias potato
    ---------------------------------
    
      Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
    
      Source archives:
         https://security.debian.org/dists/stable/updates/main/source/netkit-telnet-ssl_0.16.3-1.1.diff.gz
          MD5 checksum: 953d3006b9491a441799f73633a72f05
         https://security.debian.org/dists/stable/updates/main/source/netkit-telnet-ssl_0.16.3-1.1.dsc
          MD5 checksum: aed9ded4b4d69dd852dfd5320a8a9cf5
         https://security.debian.org/dists/stable/updates/main/source/netkit-telnet-ssl_0.16.3.orig.tar.gz
          MD5 checksum: 999a416e11e9a9750b0ec2428eeabe1d
    
      Alpha architecture:
         https://security.debian.org/dists/stable/updates/main/binary-alpha/ssltelnet_0.16.3-1.1_alpha.deb
          MD5 checksum: 92680b907a65008e04cc0cf16ce1d87f
         https://security.debian.org/dists/stable/updates/main/binary-alpha/telnet-ssl_0.16.3-1.1_alpha.deb
          MD5 checksum: 4d4f6e8ee1e06eacb416de4733f45170
         https://security.debian.org/dists/stable/updates/main/binary-alpha/telnetd-ssl_0.16.3-1.1_alpha.deb
          MD5 checksum: dec52e65bb6304fd353e2af33adedb7c
    
      ARM architecture:
         https://security.debian.org/dists/stable/updates/main/binary-arm/ssltelnet_0.16.3-1.1_arm.deb
          MD5 checksum: 668f8343d7e6ed824a55d8510723cc2a
         https://security.debian.org/dists/stable/updates/main/binary-arm/telnet-ssl_0.16.3-1.1_arm.deb
          MD5 checksum: c3bacf45513033a66bfefcf370e295c9
         https://security.debian.org/dists/stable/updates/main/binary-arm/telnetd-ssl_0.16.3-1.1_arm.deb
          MD5 checksum: 3241dbd7380b97edec177305694891ae
    
      Intel IA-32 architecture:
         https://security.debian.org/dists/stable/updates/main/binary-i386/ssltelnet_0.16.3-1.1_i386.deb
          MD5 checksum: aec70bdc25994a1a885fac130a426ddc
         https://security.debian.org/dists/stable/updates/main/binary-i386/telnet-ssl_0.16.3-1.1_i386.deb
          MD5 checksum: 4b97d30b1417a9e2ebb8d941c9486451
         https://security.debian.org/dists/stable/updates/main/binary-i386/telnetd-ssl_0.16.3-1.1_i386.deb
          MD5 checksum: a6d456dc0a9789436dd4f92ace9dadf6
    
      Motorola 680x0 architecture:
         https://security.debian.org/dists/stable/updates/main/binary-m68k/ssltelnet_0.16.3-1.1_m68k.deb
          MD5 checksum: a38f77d83afc1daeb9b23a91cdd90478
         https://security.debian.org/dists/stable/updates/main/binary-m68k/telnet-ssl_0.16.3-1.1_m68k.deb
          MD5 checksum: 0cb485fb260ac74b411b8b82bd299d04
         https://security.debian.org/dists/stable/updates/main/binary-m68k/telnetd-ssl_0.16.3-1.1_m68k.deb
          MD5 checksum: 3c6cfd4542145edac7a9c4b55a59a896
    
      PowerPC architecture:
         https://security.debian.org/dists/stable/updates/main/binary-powerpc/ssltelnet_0.16.3-1.1_powerpc.deb
          MD5 checksum: 983ec249db831da8f01e730f5265207e
         https://security.debian.org/dists/stable/updates/main/binary-powerpc/telnet-ssl_0.16.3-1.1_powerpc.deb
          MD5 checksum: f069f9a731337b7bcc60db23ca2707ee
         https://security.debian.org/dists/stable/updates/main/binary-powerpc/telnetd-ssl_0.16.3-1.1_powerpc.deb
          MD5 checksum: 3627da7c28bb071a157f2cab29bd4ad9
    
      Sun Sparc architecture:
         https://security.debian.org/dists/stable/updates/main/binary-sparc/ssltelnet_0.16.3-1.1_sparc.deb
          MD5 checksum: 7c108a2fd7d4a86513baa3849076882a
         https://security.debian.org/dists/stable/updates/main/binary-sparc/telnet-ssl_0.16.3-1.1_sparc.deb
          MD5 checksum: 8951b3d32c086ba5fe81a3f62578dd89
         https://security.debian.org/dists/stable/updates/main/binary-sparc/telnetd-ssl_0.16.3-1.1_sparc.deb
          MD5 checksum: 5ca8897ae2bb3afeb3a0c1b0f34677bc
    
      These packages will be moved into the stable distribution on its next
      revision.
    
    For architectures not yet released, please refer to the appropriate
    directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
    
    --
    ----------------------------------------------------------------------------
    apt-get: deb  https://security.debian.org/ stable/updates main
    dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: <email address redacted>
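
The wget / dpkg -i steps above can be gated on the checksums the advisory lists. The script below is an added example, not part of the Debian advisory or any Debian tool: it assumes the advisory text has been saved to a file (called dsa-075-1.txt here) and reads the "MD5 checksum:" line under each package URL; the script and function names are hypothetical.

```shell
#!/bin/sh
# Added example: check downloaded .deb files against the "MD5 checksum:"
# lines of a saved advisory before installing. Function names are
# illustrative, not part of any Debian tool.

# advisory_md5 ADVISORY_FILE PACKAGE_FILENAME
# Print the checksum listed under the URL ending in PACKAGE_FILENAME.
advisory_md5() {
    awk -v want="$2" '
        $1 ~ /^[a-z]+:\/\// {            # URL line: remember its basename
            n = split($1, parts, "/"); current = parts[n]; next
        }
        $1 == "MD5" && $2 == "checksum:" && current == want {
            print $3; found = 1; exit
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# verify_deb ADVISORY_FILE DEB_PATH
# 0 = digest matches, 1 = mismatch, 2 = file not listed in the advisory.
verify_deb() {
    expected=$(advisory_md5 "$1" "$(basename "$2")") || {
        echo "NOT LISTED $2" >&2
        return 2
    }
    actual=$(md5sum "$2" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK         $2"
    else
        echo "MISMATCH   $2 (advisory: $expected, file: $actual)" >&2
        return 1
    fi
}

# Usage: sh verify-dsa.sh dsa-075-1.txt telnetd-ssl_0.16.3-1.1_i386.deb
# Install only what verified:  ... && dpkg -i telnetd-ssl_0.16.3-1.1_i386.deb
if [ "$#" -ge 2 ]; then
    advisory=$1
    shift
    for deb in "$@"; do
        verify_deb "$advisory" "$deb" || exit 1
    done
fi
```

The check is only as trustworthy as the copy of the advisory the checksums are read from.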
    
    
    
