SSLTelnetd Unspecified Format String Vulnerability
BID:12085
Info
SSLTelnetd Unspecified Format String Vulnerability
| Bugtraq ID: | 12085 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-0998 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 23 2004 12:00AM |
| Updated: | Jul 12 2009 09:26AM |
| Credit: | Discovery is credited to Joel Eriksson. |
| Vulnerable: |
Netkit Linux Netkit 0.17.17 |
| Not Vulnerable: | |
Discussion
SSLTelnetd Unspecified Format String Vulnerability
Reportedly SSLTelnetd is affected by an unspecified format string vulnerability. This issue is due to an improper implementation of a formatted string function.
Specific technical details about this issue were not disclosed. It is conjectured that due to the nature of the affected application, this issue is remotely exploitable.
This vulnerability is reported to affect Linux Netkit netkit-telnet-ssl 0.17.17, however, it is likely that other versions are affected as well.
This BID will be updated when more information becomes available.
Reportedly SSLTelnetd is affected by an unspecified format string vulnerability. This issue is due to an improper implementation of a formatted string function.
Specific technical details about this issue were not disclosed. It is conjectured that due to the nature of the affected application, this issue is remotely exploitable.
This vulnerability is reported to affect Linux Netkit netkit-telnet-ssl 0.17.17, however, it is likely that other versions are affected as well.
This BID will be updated when more information becomes available.
Exploit / POC
SSLTelnetd Unspecified Format String Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
SSLTelnetd Unspecified Format String Vulnerability
Solution:
Debian has released an advisory DSA 616-1 to address this issue. Please see the referenced advisory for more information.
Netkit Linux Netkit 0.17.17
Solution:
Debian has released an advisory DSA 616-1 to address this issue. Please see the referenced advisory for more information.
Netkit Linux Netkit 0.17.17
-
Debian telnet-ssl_0.17.17+0.1-2woody3_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody3_alpha.deb -
Debian telnet-ssl_0.17.17+0.1-2woody3_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody3_arm.deb -
Debian telnet-ssl_0.17.17+0.1-2woody3_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody3_hppa.deb -
Debian telnet-ssl_0.17.17+0.1-2woody3_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody3_i386.deb -
Debian telnet-ssl_0.17.17+0.1-2woody3_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody3_ia64.deb -
Debian telnet-ssl_0.17.17+0.1-2woody3_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody3_m68k.deb -
Debian telnet-ssl_0.17.17+0.1-2woody3_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody3_mips.deb -
Debian telnet-ssl_0.17.17+0.1-2woody3_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody3_mipsel.deb -
Debian telnet-ssl_0.17.17+0.1-2woody3_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody3_powerpc.deb -
Debian telnet-ssl_0.17.17+0.1-2woody3_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody3_s390.deb -
Debian telnet-ssl_0.17.17+0.1-2woody3_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody3_sparc.deb -
Debian telnetd-ssl_0.17.17+0.1-2woody3_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody3_alpha.deb -
Debian telnetd-ssl_0.17.17+0.1-2woody3_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody3_arm.deb -
Debian telnetd-ssl_0.17.17+0.1-2woody3_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody3_hppa.deb -
Debian telnetd-ssl_0.17.17+0.1-2woody3_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody3_i386.deb -
Debian telnetd-ssl_0.17.17+0.1-2woody3_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody3_ia64.deb -
Debian telnetd-ssl_0.17.17+0.1-2woody3_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody3_m68k.deb -
Debian telnetd-ssl_0.17.17+0.1-2woody3_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody3_mips.deb -
Debian telnetd-ssl_0.17.17+0.1-2woody3_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody3_mipsel.deb -
Debian telnetd-ssl_0.17.17+0.1-2woody3_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody3_powerpc.deb -
Debian telnetd-ssl_0.17.17+0.1-2woody3_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody3_s390.deb -
Debian telnetd-ssl_0.17.17+0.1-2woody3_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody3_sparc.deb
References
SSLTelnetd Unspecified Format String Vulnerability
References:
References: