Debian: telnetd-ssl arbitrary code execution fix

    Date22 Dec 2004
    CategoryDebian
    4611
    Posted ByJoe Shakespeare
    Joel Eriksson discovered a format string vulnerability in telnetd-ssl which may be able to lead to the execution of arbitrary code on the victims machine.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 616-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    December 23rd, 2004                     http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : netkit-telnet-ssl
    Vulnerability  : format string
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-0998
    
    Joel Eriksson discovered a format string vulnerability in telnetd-ssl
    which may be able to lead to the execution of arbitrary code on the
    victims machine.
    
    For the stable distribution (woody) this problem has been fixed in
    version 0.17.17+0.1-2woody3.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 0.17.24+0.1-6.
    
    We recommend that you upgrade your immediately package.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody3.dsc
          Size/MD5 checksum:      669 1911a91198987efcbfeaf54ba94994e2
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody3.diff.gz
          Size/MD5 checksum:     8721 901621f6abc0c1c6dc0713570994acf7
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1.orig.tar.gz
          Size/MD5 checksum:   167658 faf2d112bc4d44f522bad3bc73da8d6d
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_alpha.deb
          Size/MD5 checksum:   101104 b3e71d1b626e6f618bba5e337c5e0221
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_alpha.deb
          Size/MD5 checksum:    56962 847abe42f9b4f910156239c85b35e2a7
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_arm.deb
          Size/MD5 checksum:    85194 1db7e7432d8025531b869ae5c737014b
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_arm.deb
          Size/MD5 checksum:    48596 ad29db7a35ad3ee4e3d2c5c411b0edb9
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_i386.deb
          Size/MD5 checksum:    85512 60cc558b94c132683259dcf6cce07874
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_i386.deb
          Size/MD5 checksum:    46708 1554de5105f77ebad4168c80d2cc4e83
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_ia64.deb
          Size/MD5 checksum:   123206 f04a1406feca437cd7acfd38214ea1d9
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_ia64.deb
          Size/MD5 checksum:    66668 b87ace7ba0732798804ed9c247805d2d
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_hppa.deb
          Size/MD5 checksum:    86580 d02c49d43f91bd4b1509fe71d15bbc6f
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_hppa.deb
          Size/MD5 checksum:    53920 d8b9f61a1203571b667159f834623157
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_m68k.deb
          Size/MD5 checksum:    81420 437597b90358da1afee0818adf1c7242
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_m68k.deb
          Size/MD5 checksum:    45430 6bffe1c28aab33caa01bd26305029aac
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_mips.deb
          Size/MD5 checksum:    97400 1af9df6a844768e2bb26a613044737e3
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_mips.deb
          Size/MD5 checksum:    52270 c94b3bfb596075ab4b6444a9976f3988
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_mipsel.deb
          Size/MD5 checksum:    97254 a9e36f6f8ae3056d0d81434740c42640
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_mipsel.deb
          Size/MD5 checksum:    52270 3f4f2c8dff2e8931a2eff219f8b21274
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_powerpc.deb
          Size/MD5 checksum:    88154 66a69eeceb817ace1d8f5c3c50ea005c
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_powerpc.deb
          Size/MD5 checksum:    48808 85f0c6366f0da31dcb6311473c36c046
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_s390.deb
          Size/MD5 checksum:    88640 d035c31cec5e1f95eeb724d74b90cff2
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_s390.deb
          Size/MD5 checksum:    50392 6daf008b16da16b680ddacb6b4b5c34c
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_sparc.deb
          Size/MD5 checksum:    89282 7e2c15d9c13c9d08e4715e5cc59dda7e
        http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_sparc.deb
          Size/MD5 checksum:    54568 2793a24d88797557f97e0f76798e44ed
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.