Skip Quicknav

• About Debian
• News
• Getting Debian
• Support
• Developers' Corner
• Site map
• Search

Debian Security Advisory

DSA-075-1 netkit-telnet-ssl -- remote exploit

Date Reported:

14 Aug 2001

Affected Packages:

netkit-telnet-ssl

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2001-0554.

More information:

The telnet daemon contained in the netkit-telnet-ssl_0.16.3-1 package in the 'stable' (potato) distribution of Debian GNU/Linux is vulnerable to an exploitable overflow in its output handling. The original bug was found by <scut@nb.in-berlin.de>, and announced to bugtraq on Jul 18 2001. At that time, netkit-telnet versions after 0.14 were not believed to be vulnerable.

On Aug 10 2001, zen-parse posted an advisory based on the same problem, for all netkit-telnet versions below 0.17.

More details can be found on SecurityFocus. As Debian uses the 'telnetd' user to run in.telnetd, this is not a remote root compromise on Debian systems; the 'telnetd' user can be compromised.

We strongly advise you update your netkit-telnet-ssl packages to the versions listed below.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:

http://security.debian.org/dists/stable/updates/main/source/netkit-telnet-ssl_0.16.3-1.1.diff.gz

http://security.debian.org/dists/stable/updates/main/source/netkit-telnet-ssl_0.16.3-1.1.dsc

http://security.debian.org/dists/stable/updates/main/source/netkit-telnet-ssl_0.16.3.orig.tar.gz

Alpha:

http://security.debian.org/dists/stable/updates/main/binary-alpha/ssltelnet_0.16.3-1.1_alpha.deb

http://security.debian.org/dists/stable/updates/main/binary-alpha/telnet-ssl_0.16.3-1.1_alpha.deb

http://security.debian.org/dists/stable/updates/main/binary-alpha/telnetd-ssl_0.16.3-1.1_alpha.deb

ARM:

http://security.debian.org/dists/stable/updates/main/binary-arm/ssltelnet_0.16.3-1.1_arm.deb

http://security.debian.org/dists/stable/updates/main/binary-arm/telnet-ssl_0.16.3-1.1_arm.deb

http://security.debian.org/dists/stable/updates/main/binary-arm/telnetd-ssl_0.16.3-1.1_arm.deb

Intel IA-32:

http://security.debian.org/dists/stable/updates/main/binary-i386/ssltelnet_0.16.3-1.1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/telnet-ssl_0.16.3-1.1_i386.deb

http://security.debian.org/dists/stable/updates/main/binary-i386/telnetd-ssl_0.16.3-1.1_i386.deb

Motorola 680x0:

http://security.debian.org/dists/stable/updates/main/binary-m68k/ssltelnet_0.16.3-1.1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/telnet-ssl_0.16.3-1.1_m68k.deb

http://security.debian.org/dists/stable/updates/main/binary-m68k/telnetd-ssl_0.16.3-1.1_m68k.deb

PowerPC:

http://security.debian.org/dists/stable/updates/main/binary-powerpc/ssltelnet_0.16.3-1.1_powerpc.deb

http://security.debian.org/dists/stable/updates/main/binary-powerpc/telnet-ssl_0.16.3-1.1_powerpc.deb

http://security.debian.org/dists/stable/updates/main/binary-powerpc/telnetd-ssl_0.16.3-1.1_powerpc.deb

Sun Sparc:

http://security.debian.org/dists/stable/updates/main/binary-sparc/ssltelnet_0.16.3-1.1_sparc.deb

http://security.debian.org/dists/stable/updates/main/binary-sparc/telnet-ssl_0.16.3-1.1_sparc.deb

http://security.debian.org/dists/stable/updates/main/binary-sparc/telnetd-ssl_0.16.3-1.1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.
MD5 checksums of the listed files are available in the revised advisory.

This page is also available in the following languages:

dansk Deutsch español français 日本語 (Nihongo) Português suomi svenska

How to set the default document language