Summary
The remote host is missing an update to netkit-telnet-ssl announced via advisory DSA 075-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20075-1
Insight
The telnet daemon contained in the netkit-telnet-ssl_0.16.3-1 package in the 'stable' (potato) distribution of Debian GNU/Linux is vulnerable to an exploitable overflow in its output handling.
The original bug was found by <scut@nb.in-berlin.de>, and announced to bugtraq on Jul 18 2001. At that time, netkit-telnet versions after 0.14 were not believed to be vulnerable.
On Aug 10 2001, zen-parse posted an advisory based on the same problem, for all netkit-telnet versions below 0.17.
More details can be found on http://www.securityfocus.com/archive/1/203000 .
As Debian uses the 'telnetd' user to run in.telnetd, this is not a remote root compromise on Debian systems
the 'telnetd' user can be compromised.
We strongly advise you update your netkit-telnet-ssl packages to the versions listed below.
Severity
Classification
-
CVE CVE-2001-0554 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities