Executive Summary
| Summary | |
|---|---|
| Title | New netkit-telnet-ssl package fixes format string vulnerability |
| Informations | |||
|---|---|---|---|
| Name | DSA-529 | First vendor Publication | 2004-07-17 |
| Vendor | Debian | Last vendor Modification | 2004-07-17 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| b0f discovered a format string vulnerability in netkit-telnet-ssl which could potentially allow a remote attacker to cause the execution of arbitrary code with the privileges of the telnet daemon (the 'telnetd' user by default). For the current stable distribution (woody), this problem has been fixed in version 0.17.17+0.1-2woody1. For the unstable distribution (sid), this problem has been fixed in version 0.17.24+0.1-2. We recommend that you update your netkit-telnet-ssl package. |
Original Source
| Url : http://www.debian.org/security/2004/dsa-529 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 | |
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-04 | Name : FreeBSD Ports: SSLtelnet File : nvt/freebsd_SSLtelnet.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 529-1 (netkit-telnet-ssl) File : nvt/deb_529_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 7594 | SSLTelnet Error Logging Remote Format String SSLTelnet contains a flaw that may allow a malicious user to execute code remotely. The issue is triggered when a call is made to the syslog() function without any arguments. Under some circumstances this may be exploited remotely resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-529.nasl - Type : ACT_GATHER_INFO |
| 2004-07-06 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_ssltelnet_0131.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:33:23 |
|
