lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 18 Oct 2004 12:31:37 +0200 (CEST)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 556-2] New netkit-telnet packages really fix denial of service


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 556-2                     security@...ian.org
http://www.debian.org/security/                             Martin Schulze
XXXXX 8th, 2004                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : netkit-telnet
Vulnerability  : invalid free(3)
Problem-Type   : remote
Debian-specific: yes
CVE ID         : CAN-2004-0911
Debian Bug     : 273694

This is an update for DSA 556-1 which was intended to fix a denial of
service situation in netkit-telnet but didn't.  The update for
unstable did fix the problem.  For completeness below is the original
advisory text:

  Michal Zalewski discovered a bug in the netkit-telnet server (telnetd)
  whereby a remote attacker could cause the telnetd process to free an
  invalid pointer.  This causes the telnet server process to crash,
  leading to a straightforward denial of service (inetd will disable the
  service if telnetd is crashed repeatedly), or possibly the execution
  of arbitrary code with the privileges of the telnetd process (by
  default, the 'telnetd' user).

  For the unstable distribution (sid) this problem has been fixed in
  version 0.17-26.

For the stable distribution (woody) this problem has been fixed in
version 0.17-18woody2.

We recommend that you upgrade your netkit-telnet-ssl package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17-18woody2.dsc
      Size/MD5 checksum:      602 5c4291548c60df2607baabc8af77fe88
    http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17-18woody2.diff.gz
      Size/MD5 checksum:    21969 e29d25caa0138fe87b26f2fee609698d
    http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17.orig.tar.gz
      Size/MD5 checksum:   133749 d6beabaaf53fe6e382c42ce3faa05a36

  Alpha architecture:

    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_alpha.deb
      Size/MD5 checksum:    84150 5cd0073e1d87493de0e9347e08b33e4c
    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_alpha.deb
      Size/MD5 checksum:    45804 4f5924c6b71a716bbae5ff32aebdaee1

  ARM architecture:

    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_arm.deb
      Size/MD5 checksum:    69924 8bb25a534f053a693aa971df0e15d71f
    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_arm.deb
      Size/MD5 checksum:    39618 2cfc8d96f00bb739333adf0659caceb6

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_i386.deb
      Size/MD5 checksum:    70944 f8361dcb79029ba42c929a4eec1c9f2c
    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_i386.deb
      Size/MD5 checksum:    38594 8619caa3b44632443cde32a032100d3f

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_ia64.deb
      Size/MD5 checksum:   102740 d9839694911c708b6e76de4f41434b24
    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_ia64.deb
      Size/MD5 checksum:    52486 8d7c4b6f977d5f01e93ef2437829202d

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_hppa.deb
      Size/MD5 checksum:    69972 f5eb1bcafb1306cad596edc9e177eb7d
    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_hppa.deb
      Size/MD5 checksum:    43514 00b12715674693c3413dc74393d13cd7

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_m68k.deb
      Size/MD5 checksum:    67156 3a4ba0fc24b5fbdc6cd07dfe369ff051
    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_m68k.deb
      Size/MD5 checksum:    37452 951df56394fe48d8b2545c9595280307

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_mips.deb
      Size/MD5 checksum:    80850 b2b47cef8c63aeae88939319ccffeb4a
    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_mips.deb
      Size/MD5 checksum:    42610 3da3497520b9b63aa76860249ffa19a8

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_mipsel.deb
      Size/MD5 checksum:    80746 23cc994b10106a96da77b8b4c09db293
    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_mipsel.deb
      Size/MD5 checksum:    42602 eaa443670708c98ca589e8c79b7e130d

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_powerpc.deb
      Size/MD5 checksum:    73210 279bd225fed44479f70d231244378a34
    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_powerpc.deb
      Size/MD5 checksum:    40256 ded106aca9111c910eed3e0c8471f90d

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_s390.deb
      Size/MD5 checksum:    73160 4b6a667921fad470fc9cf2ea5a337987
    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_s390.deb
      Size/MD5 checksum:    41218 25a8ed701f933546d375626adc5af142

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_sparc.deb
      Size/MD5 checksum:    74160 ec213a37a00451e2c6d7e0ef8867acae
    http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_sparc.deb
      Size/MD5 checksum:    45324 8af7b133cbf41eafc21886bed81b1c84


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBc5uJW5ql+IAeqTIRAqxvAJ9toVvFYlXmTUUQoQzOdbbOp0+CrgCfQAHm
4XToD3nEV89dH06+YT8jqb8=
=EqQz
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ