---

Debian GNU/Linux Advisories: netkit-telnet-ssl, netkit-telnet


Debian Security Advisory DSA 569-1 [email protected]
http://www.debian.org/security/
Martin Schulze
October 18th, 2004 http://www.debian.org/security/faq


Package : netkit-telnet-ssl
Vulnerability : invalid free(3)
Problem-Type : remote
Debian-specific: yes
CVE ID : CAN-2004-0911
Debian Bug : 273694

Michal Zalewski discovered a bug in the netkit-telnet server
(telnetd) whereby a remote attacker could cause the telnetd process
to free an invalid pointer. This causes the telnet server process
to crash, leading to a straightforward denial of service (inetd
will disable the service if telnetd is crashed repeatedly), or
possibly the execution of arbitrary code with the privileges of the
telnetd process (by default, the ‘telnetd’ user).

For the stable distribution (woody) this problem has been fixed
in version 0.17.17+0.1-2woody2

For the unstable distribution (sid) this problem has been fixed
in version 0.17.24+0.1-4.

We recommend that you upgrade your netkit-telnet-ssl
package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody2.dsc

Size/MD5 checksum: 669 c0333bf798925d74a2b0cd156eb691cc

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody2.diff.gz

Size/MD5 checksum: 8632 d0b418abcc29fc1790ab5aafb6836dd1

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1.orig.tar.gz

Size/MD5 checksum: 167658 faf2d112bc4d44f522bad3bc73da8d6d

Alpha architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_alpha.deb

Size/MD5 checksum: 101014 abb3671e001662e6e5166d716ad8bfb6

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_alpha.deb

Size/MD5 checksum: 56848 bb8b0d77208c7f44c63e95a4f7083e21

ARM architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_arm.deb

Size/MD5 checksum: 85130 a87761b01081e99e8acc94f40f3aa50b

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_arm.deb

Size/MD5 checksum: 48482 cabc1071adeac0c6472dfb10731d6995

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_i386.deb

Size/MD5 checksum: 85456 5f9f99786a8a26c0dcdfacbd2da11383

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_i386.deb

Size/MD5 checksum: 46586 fee9f04d1a9768f278537e5571300257

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_ia64.deb

Size/MD5 checksum: 123126 5ed1d2854d7e91f90724bebcf590252f

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_ia64.deb

Size/MD5 checksum: 66550 dd096a3593565c983d94730eae09eee9

HP Precision architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_hppa.deb

Size/MD5 checksum: 86484 f8105593d974b60cd6fcb5f23c41a890

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_hppa.deb

Size/MD5 checksum: 53812 a2a6d0755b21d53714b34d1a3a38450c

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_m68k.deb

Size/MD5 checksum: 81360 2a99b7a46d1e7f4abad46afef6549351

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_m68k.deb

Size/MD5 checksum: 45370 31cb862bbaefbcc9520834fd7393abfb

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_mips.deb

Size/MD5 checksum: 97340 31a847f384aa1410f31785185d52bd75

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_mips.deb

Size/MD5 checksum: 52136 311f7252452a4b39168a9ead120f71b2

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_mipsel.deb

Size/MD5 checksum: 97156 de9a70f8a3893c6698d001970c863341

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_mipsel.deb

Size/MD5 checksum: 52116 6086a1e35d1c224ece0083aaf798468a

PowerPC architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_powerpc.deb

Size/MD5 checksum: 88072 2b57b6050d961c729870c33346d5c95c

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_powerpc.deb

Size/MD5 checksum: 48690 28bc44df1d4506e0231ece63f1ee8b86

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_s390.deb

Size/MD5 checksum: 88562 77152b7fa6062a90eb505216f1d26bab

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_s390.deb

Size/MD5 checksum: 50266 c8deb57a9029c38d2fe5f08d11c8c466

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_sparc.deb

Size/MD5 checksum: 89212 7b810e8f0f16651b4c1d0e5bd4142031

http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_sparc.deb

Size/MD5 checksum: 54466 b82619bdb5299873a25cbbedf541ff15

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 556-2 [email protected]
http://www.debian.org/security/
Martin Schulze
October 18th, 2004 http://www.debian.org/security/faq


Package : netkit-telnet
Vulnerability : invalid free(3)
Problem-Type : remote
Debian-specific: yes
CVE ID : CAN-2004-0911 Debian Bug : 273694

This is an update for DSA 556-1 which was intended to fix a
denial of service situation in netkit-telnet but didn’t. The update
for unstable did fix the problem. For completeness below is the
original advisory text:

Michal Zalewski discovered a bug in the netkit-telnet server
(telnetd) whereby a remote attacker could cause the telnetd process
to free an invalid pointer. This causes the telnet server process
to crash, leading to a straightforward denial of service (inetd
will disable the service if telnetd is crashed repeatedly), or
possibly the execution of arbitrary code with the privileges of the
telnetd process (by default, the ‘telnetd’ user).

For the unstable distribution (sid) this problem has been fixed
in version 0.17-26.

For the stable distribution (woody) this problem has been fixed
in version 0.17-18woody2.

We recommend that you upgrade your netkit-telnet-ssl
package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17-18woody2.dsc

Size/MD5 checksum: 602 5c4291548c60df2607baabc8af77fe88

http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17-18woody2.diff.gz

Size/MD5 checksum: 21969 e29d25caa0138fe87b26f2fee609698d

http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17.orig.tar.gz

Size/MD5 checksum: 133749 d6beabaaf53fe6e382c42ce3faa05a36

Alpha architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_alpha.deb

Size/MD5 checksum: 84150 5cd0073e1d87493de0e9347e08b33e4c

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_alpha.deb

Size/MD5 checksum: 45804 4f5924c6b71a716bbae5ff32aebdaee1

ARM architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_arm.deb

Size/MD5 checksum: 69924 8bb25a534f053a693aa971df0e15d71f

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_arm.deb

Size/MD5 checksum: 39618 2cfc8d96f00bb739333adf0659caceb6

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_i386.deb

Size/MD5 checksum: 70944 f8361dcb79029ba42c929a4eec1c9f2c

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_i386.deb

Size/MD5 checksum: 38594 8619caa3b44632443cde32a032100d3f

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_ia64.deb

Size/MD5 checksum: 102740 d9839694911c708b6e76de4f41434b24

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_ia64.deb

Size/MD5 checksum: 52486 8d7c4b6f977d5f01e93ef2437829202d

HP Precision architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_hppa.deb

Size/MD5 checksum: 69972 f5eb1bcafb1306cad596edc9e177eb7d

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_hppa.deb

Size/MD5 checksum: 43514 00b12715674693c3413dc74393d13cd7

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_m68k.deb

Size/MD5 checksum: 67156 3a4ba0fc24b5fbdc6cd07dfe369ff051

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_m68k.deb

Size/MD5 checksum: 37452 951df56394fe48d8b2545c9595280307

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_mips.deb

Size/MD5 checksum: 80850 b2b47cef8c63aeae88939319ccffeb4a

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_mips.deb

Size/MD5 checksum: 42610 3da3497520b9b63aa76860249ffa19a8

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_mipsel.deb

Size/MD5 checksum: 80746 23cc994b10106a96da77b8b4c09db293

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_mipsel.deb

Size/MD5 checksum: 42602 eaa443670708c98ca589e8c79b7e130d

PowerPC architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_powerpc.deb

Size/MD5 checksum: 73210 279bd225fed44479f70d231244378a34

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_powerpc.deb

Size/MD5 checksum: 40256 ded106aca9111c910eed3e0c8471f90d

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_s390.deb

Size/MD5 checksum: 73160 4b6a667921fad470fc9cf2ea5a337987

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_s390.deb

Size/MD5 checksum: 41218 25a8ed701f933546d375626adc5af142

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_sparc.deb

Size/MD5 checksum: 74160 ec213a37a00451e2c6d7e0ef8867acae

http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_sparc.deb

Size/MD5 checksum: 45324 8af7b133cbf41eafc21886bed81b1c84

These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: [email protected]

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>