Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-699-1:6A93B
HistoryMar 29, 2005 - 1:22 p.m.

[SECURITY] [DSA 699-1] New netkit-telnet-ssl packages fix arbitrary code execution

2005-03-2913:22:55
lists.debian.org
7

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Debian Security Advisory DSA 699-1 [email protected]
http://www.debian.org/security/ Martin Schulze
March 29th, 2005 http://www.debian.org/security/faq

Package : netkit-telnet-ssl
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0469

iDEFENSE researchers discovered a buffer overflow in the handling of
the LINEMODE suboptions in telnet clients. This can lead to the
execution of arbitrary code when connected to a malicious server.

For the stable distribution (woody) this problem has been fixed in
version 0.17.17+0.1-2woody4.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your telnet-ssl package.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody4.dsc
  Size/MD5 checksum:      669 edcae9a56571c23861cc772d116f6d9b
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody4.diff.gz
  Size/MD5 checksum:     9099 0c6a68a7522269cb7c7f18e08e9f3228
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1.orig.tar.gz
  Size/MD5 checksum:   167658 faf2d112bc4d44f522bad3bc73da8d6d

Alpha architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_alpha.deb
  Size/MD5 checksum:   101196 46f45337d4a60eb738b077770e3aa2a4
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_alpha.deb
  Size/MD5 checksum:    57024 b2a33f4b5143da8a36ee78b75850c6c2

ARM architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_arm.deb
  Size/MD5 checksum:    85194 1db7e7432d8025531b869ae5c737014b
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_arm.deb
  Size/MD5 checksum:    48596 ad29db7a35ad3ee4e3d2c5c411b0edb9

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_i386.deb
  Size/MD5 checksum:    85608 6b9e94d7acf3274a62a78e98b069060b
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_i386.deb
  Size/MD5 checksum:    46730 09bf8699c1af6a5f4f9e913d7ef92759

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_ia64.deb
  Size/MD5 checksum:   123272 d81d94ec52c655bb8496bf126c9077aa
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_ia64.deb
  Size/MD5 checksum:    66728 e1879d40f611846bb7f787245feb8fee

HP Precision architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_hppa.deb
  Size/MD5 checksum:    86624 677730710e0adac9cb6cbe1d1cca742b
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_hppa.deb
  Size/MD5 checksum:    54054 df3349ebb866ada9bc08a3dabf681bcc

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_m68k.deb
  Size/MD5 checksum:    81534 9007bc1b9ce71d54eda4da588269e39b
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_m68k.deb
  Size/MD5 checksum:    45494 8bd015cf665ed260e8943aaf9a88d5a9

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_mips.deb
  Size/MD5 checksum:    97454 ad228bd9d0353478740fde78095b8332
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_mips.deb
  Size/MD5 checksum:    52346 b22cdea93cc2d406144f7797918ba348

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_mipsel.deb
  Size/MD5 checksum:    97292 fe280b5296350918ef3f99bd86c1e3e8
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_mipsel.deb
  Size/MD5 checksum:    52334 816d5bce2968f676d3261a1d3e9e5e21

PowerPC architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_powerpc.deb
  Size/MD5 checksum:    88238 c0b09580e81ff24c5e04d7ae0e859645
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_powerpc.deb
  Size/MD5 checksum:    48882 f1ab39899f6b2892cae81b8b4dfb2d16

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_s390.deb
  Size/MD5 checksum:    88746 b4a754f74fe3bc462488c62a137fa422
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_s390.deb
  Size/MD5 checksum:    50562 fe91806b369af4ff31030c1079b7b9bd

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_sparc.deb
  Size/MD5 checksum:    89356 dd5d9462b3b86d40f0f67a9ec86adc57
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_sparc.deb
  Size/MD5 checksum:    54646 5d694a26621ef73ce5d2c0e6ed9bc887

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

OSVersionArchitecturePackageVersionFilename
Debian3alphakrb5-ftpd< 1.2.4-5woody8krb5-ftpd_1.2.4-5woody8_alpha.deb
Debian3s390krb5-ftpd< 1.2.4-5woody8krb5-ftpd_1.2.4-5woody8_s390.deb
Debian3i386libkadm5srv7-heimdal< 0.4e-7.woody.11libkadm5srv7-heimdal_0.4e-7.woody.11_i386.deb
Debian3i386libacl1-kerberos4kth< 1.1-8-2.4libacl1-kerberos4kth_1.1-8-2.4_i386.deb
Debian3hppaheimdal-kdc< 0.4e-7.woody.11heimdal-kdc_0.4e-7.woody.11_hppa.deb
Debian3mipsheimdal-kdc< 0.4e-7.woody.11heimdal-kdc_0.4e-7.woody.11_mips.deb
Debian3ia64heimdal-clients-x< 0.4e-7.woody.11heimdal-clients-x_0.4e-7.woody.11_ia64.deb
Debian3m68klibcomerr1-heimdal< 0.4e-7.woody.11libcomerr1-heimdal_0.4e-7.woody.11_m68k.deb
Debian3hppalibhdb7-heimdal< 0.4e-7.woody.11libhdb7-heimdal_0.4e-7.woody.11_hppa.deb
Debian3hppakerberos4kth-clients-x< 1.1-8-2.4kerberos4kth-clients-x_1.1-8-2.4_hppa.deb
Rows per page:
1-10 of 4971

Related

checkpoint_advisories 1
cert 2
nessus 22
openvas 37
gentoo 4
cbl_mariner 1
ubuntucve 2
osv 4
debiancve 2
debian 9
securityvulns 1
cve 2
redhat 2
slackware 1
ubuntu 2
freebsd_advisory 1
f5 2
freebsd 1
checkpoint_advisories
checkpoint_advisories
Multiple Vendor Telnet Client LINEMODE Buffer Overflow (CVE-2005-0469)
2009-10-12 00:00:00
cert
cert
Multiple Telnet clients fail to properly handle the "LINEMODE" SLC suboption
2005-03-29 00:00:00
Multiple Telnet Clients vulnerable to buffer overflow via the env_opt_add() function in telnet.c
2005-04-01 00:00:00
nessus
nessus
Debian DSA-697-1 : netkit-telnet - buffer overflow
2005-03-29 00:00:00
Debian DSA-699-1 : netkit-telnet-ssl - buffer overflow
2005-03-29 00:00:00
GLSA-200503-36 : netkit-telnetd: Buffer overflow
2005-04-01 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200503-36 (netkit-telnetd)
2008-09-24 00:00:00
Debian Security Advisory DSA 697-1 (netkit-telnet)
2008-01-17 00:00:00
Debian Security Advisory DSA 765-1 (heimdal)
2008-01-17 00:00:00
gentoo
gentoo
netkit-telnetd: Buffer overflow
2005-03-31 00:00:00
mit-krb5: Multiple buffer overflows in telnet client
2005-04-06 00:00:00
Heimdal: Buffer overflow vulnerabilities
2005-04-28 00:00:00
cbl_mariner
cbl_mariner
CVE-2005-0469 affecting package telnet 0.17-81
2024-05-05 21:06:53
ubuntucve
ubuntucve
CVE-2005-0469
2005-05-02 00:00:00
CVE-2005-2040
2005-06-20 00:00:00
osv
osv
netkit-telnet-ssl - buffer overflow
2005-03-29 00:00:00
netkit-telnet - buffer overflow
2005-03-29 00:00:00
krb5 - buffer overflows
2005-04-01 00:00:00
debiancve
debiancve
CVE-2005-0469
2005-05-02 04:00:00
CVE-2005-2040
2005-06-20 04:00:00
debian
debian
[SECURITY] [DSA 765-1] New heimdal packages fix arbitrary code execution
2005-07-27 06:22:40
[SECURITY] [DSA 697-1] New netkit-telnet packages fix arbitrary code execution
2005-03-29 08:06:08
[SECURITY] [DSA 765-1] New heimdal packages fix arbitrary code execution
2005-07-27 06:22:40
securityvulns
securityvulns
iDEFENSE Security Advisory 03.28.05: Multiple Telnet Client slc_add_reply&#40;&#41; Buffer Overflow Vulnerability
2005-03-31 00:00:00
cve
cve
CVE-2005-0469
2005-05-02 04:00:00
CVE-2005-2040
2005-06-20 04:00:00
redhat
redhat
(RHSA-2005:327) telnet security update
2005-03-28 00:00:00
(RHSA-2005:330) krb5 security update
2005-03-30 00:00:00
slackware
slackware
telnet client
2005-07-29 21:44:43
ubuntu
ubuntu
telnet vulnerabilities
2005-03-29 00:00:00
Kerberos vulnerabilities
2005-12-06 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-05:01.telnet
2005-03-28 00:00:00
f5
f5
BSD telnet vulnerabilities CAN-2005-0468 and CAN-2005-0469
2005-07-21 04:00:00
SOL4441 - BSD telnet vulnerabilities CAN-2005-0468 and CAN-2005-0469
2005-07-20 00:00:00
freebsd
freebsd
heimdal -- Multiple vulnerabilities
2006-02-06 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for DEBIAN:DSA-699-1:6A93B
checkpoint_advisories1cert2nessus22openvas37gentoo4cbl_mariner1ubuntucve2osv4debiancve2debian9securityvulns1cve2redhat2slackware1ubuntu2freebsd_advisory1f52freebsd1