|
Family: Debian Local Security Checks --> Category: infos
[DSA556] DSA-556-2 netkit-telnet Vulnerability Scan
Vulnerability Scan Summary DSA-556-2 netkit-telnet
Detailed Explanation for this Vulnerability Test
Michal Zalewski discovered a bug in the netkit-telnet server (telnetd)
whereby a remote attacker could cause the telnetd process to free an
invalid pointer. This causes the telnet server process to crash,
leading to a straightforward denial of service (inetd will disable the
service if telnetd is crashed repeatedly), or possibly the execution
of arbitrary code with the rights of the telnetd process (by
default, the 'telnetd' user).
For the stable distribution (woody) this problem has been fixed in
version 0.17-18woody2.
For the unstable distribution (sid) this problem has been fixed in
version 0.17-26.
We recommend that you upgrade your netkit-telnet package.
Solution : http://www.debian.org/security/2004/dsa-556
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|