Debian Security Advisory DSA 075-1 (netkit-telnet-ssl)

Summary
The remote host is missing an update to netkit-telnet-ssl announced via advisory DSA 075-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20075-1
Insight
The telnet daemon contained in the netkit-telnet-ssl_0.16.3-1 package in the 'stable' (potato) distribution of Debian GNU/Linux is vulnerable to an exploitable overflow in its output handling. The original bug was found by <scut@nb.in-berlin.de>, and announced to bugtraq on Jul 18 2001. At that time, netkit-telnet versions after 0.14 were not believed to be vulnerable. On Aug 10 2001, zen-parse posted an advisory based on the same problem, for all netkit-telnet versions below 0.17. More details can be found on http://www.securityfocus.com/archive/1/203000 . As Debian uses the 'telnetd' user to run in.telnetd, this is not a remote root compromise on Debian systems the 'telnetd' user can be compromised. We strongly advise you update your netkit-telnet-ssl packages to the versions listed below.