Overview
Debian Linux Netkit telnetd-ssl contains a format string vulnerability that may allow a remote attacker to execute arbitrary code.
Description
An unspecified format string vulnerability in Debian Linux Netkit telnetd-ssl may allow a remote attacker to execute arbitrary code on a vulnerable system. According to public reports, exploitation occurs when telnetd-ssl attempts to process specially crafted SSL error messages. No further details are available at this time. |
Impact
A remote attacker may be able to execute arbitrary code on a vulnerable system. |
Solution
Upgrade This problem has been addressed in Debian Linux version 0.17.17+0.1-2woody3 of the stable distribution (woody), and version 0.17.24+0.1-6 of the unstable distribution (sid). Please see the Debian Security Advisory DSA-616-1 for instructions on how to upgrade. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported by Joel Eriksson.
This document was written by Jeff Gennari.
Other Information
| CVE IDs: | CVE-2004-0998 |
| Severity Metric: | 4.30 |
| Date Public: | 2004-12-23 |
| Date First Published: | 2005-01-13 |
| Date Last Updated: | 2005-02-01 21:10 UTC |
| Document Revision: | 58 |