Date: 16 August 2001
References: ESB-2001.338
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2001.348 -- Debian Security Advisory DSA-075-1 and DSA-075-2
telnetd-ssl AYT buffer overflow
16 August 2001
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: netkit-telnet-ssl
Vendor: Debian
Operating System: Debian GNU/Linux 2.2
Platform: Alpha
ARM
i386
Motorola 680x0
PowerPC
SPARC
Impact: Execute Arbitrary Code/Commands
Access Required: Remote
Ref: ESB-2001.338
Note: This AusCERT ESB contains two Debian Security
Advisories. The second advisory is regarding
a correction to the patch location for Solaris
based systems running Debian GNU/Linux 2.2.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ------------------------------------------------------------------------
Debian Security Advisory DSA-075-1 security@debian.org
http://www.debian.org/security/ Robert van der Meulen
August 14, 2001
- - ------------------------------------------------------------------------
Package : netkit-telnet-ssl
Problem type : remote exploit
Debian-specific: no
The telnet daemon contained in the netkit-telnet-ssl_0.16.3-1 package in
the 'stable' (potato) distribution of Debian GNU/Linux is vulnerable to an
exploitable overflow in its output handling.
The original bug was found by <scut@nb.in-berlin.de>, and announced to
bugtraq on Jul 18 2001. At that time, netkit-telnet versions after 0.14 were
not believed to be vulnerable.
On Aug 10 2001, zen-parse posted an advisory based on the same problem, for
all netkit-telnet versions below 0.17.
More details can be found on http://www.securityfocus.com/archive/1/203000 .
As Debian uses the 'telnetd' user to run in.telnetd, this is not a remote
root compromise on Debian systems; the 'telnetd' user can be compromised.
We strongly advise you update your netkit-telnet-ssl packages to the versions
listed below.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
- - ---------------------------------
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Source archives:
http://security.debian.org/dists/stable/updates/main/source/netkit-telnet-ssl_0.16.3-1.1.diff.gz
MD5 checksum: 953d3006b9491a441799f73633a72f05
http://security.debian.org/dists/stable/updates/main/source/netkit-telnet-ssl_0.16.3-1.1.dsc
MD5 checksum: aed9ded4b4d69dd852dfd5320a8a9cf5
http://security.debian.org/dists/stable/updates/main/source/netkit-telnet-ssl_0.16.3.orig.tar.gz
MD5 checksum: 999a416e11e9a9750b0ec2428eeabe1d
Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/ssltelnet_0.16.3-1.1_alpha.deb
MD5 checksum: 92680b907a65008e04cc0cf16ce1d87f
http://security.debian.org/dists/stable/updates/main/binary-alpha/telnet-ssl_0.16.3-1.1_alpha.deb
MD5 checksum: 4d4f6e8ee1e06eacb416de4733f45170
http://security.debian.org/dists/stable/updates/main/binary-alpha/telnetd-ssl_0.16.3-1.1_alpha.deb
MD5 checksum: dec52e65bb6304fd353e2af33adedb7c
ARM architecture:
http://security.debian.org/dists/stable/updates/main/binary-arm/ssltelnet_0.16.3-1.1_arm.deb
MD5 checksum: 668f8343d7e6ed824a55d8510723cc2a
http://security.debian.org/dists/stable/updates/main/binary-arm/telnet-ssl_0.16.3-1.1_arm.deb
MD5 checksum: c3bacf45513033a66bfefcf370e295c9
http://security.debian.org/dists/stable/updates/main/binary-arm/telnetd-ssl_0.16.3-1.1_arm.deb
MD5 checksum: 3241dbd7380b97edec177305694891ae
Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/ssltelnet_0.16.3-1.1_i386.deb
MD5 checksum: aec70bdc25994a1a885fac130a426ddc
http://security.debian.org/dists/stable/updates/main/binary-i386/telnet-ssl_0.16.3-1.1_i386.deb
MD5 checksum: 4b97d30b1417a9e2ebb8d941c9486451
http://security.debian.org/dists/stable/updates/main/binary-i386/telnetd-ssl_0.16.3-1.1_i386.deb
MD5 checksum: a6d456dc0a9789436dd4f92ace9dadf6
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/ssltelnet_0.16.3-1.1_m68k.deb
MD5 checksum: a38f77d83afc1daeb9b23a91cdd90478
http://security.debian.org/dists/stable/updates/main/binary-m68k/telnet-ssl_0.16.3-1.1_m68k.deb
MD5 checksum: 0cb485fb260ac74b411b8b82bd299d04
http://security.debian.org/dists/stable/updates/main/binary-m68k/telnetd-ssl_0.16.3-1.1_m68k.deb
MD5 checksum: 3c6cfd4542145edac7a9c4b55a59a896
PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/ssltelnet_0.16.3-1.1_powerpc.deb
MD5 checksum: 983ec249db831da8f01e730f5265207e
http://security.debian.org/dists/stable/updates/main/binary-powerpc/telnet-ssl_0.16.3-1.1_powerpc.deb
MD5 checksum: f069f9a731337b7bcc60db23ca2707ee
http://security.debian.org/dists/stable/updates/main/binary-powerpc/telnetd-ssl_0.16.3-1.1_powerpc.deb
MD5 checksum: 3627da7c28bb071a157f2cab29bd4ad9
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/ssltelnet_0.16.3-1.1_sparc.deb
MD5 checksum: 7c108a2fd7d4a86513baa3849076882a
http://security.debian.org/dists/stable/updates/main/binary-sparc/telnet-ssl_0.16.3-1.1_sparc.deb
MD5 checksum: 8951b3d32c086ba5fe81a3f62578dd89
http://security.debian.org/dists/stable/updates/main/binary-sparc/telnetd-ssl_0.16.3-1.1_sparc.deb
MD5 checksum: 5ca8897ae2bb3afeb3a0c1b0f34677bc
These packages will be moved into the stable distribution on its next
revision.
For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
- - --
- - ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7eSu0FLJHZigagQ4RAtV/AJ4qx2aStYduXzDhetoslQw52ezeeACcDCeo
naqx0Eyplu6pODDYuv9iD98=
=Vyh4
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ----------------------------------------------------------------------------
Debian Security Advisory DSA 075-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 14, 2001
- - ----------------------------------------------------------------------------
Package : netkit-telnet-ssl
Vulnerability : output buffer overflow
Problem-Type : remote exploit
Debian-specific: no
This is a followup to the problem described in DSA 075-1. Please read
the original advisory to find out more about the security problem.
This advisory and upload only fixes a problem with binary packages for
sparc that were mistakenly linked to the wrong library.
We recommend that you upgrade your netkit-telnet-ssl packages
immediately if you are running a sparc system.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato
- - ------------------------------------
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/ssltelnet_0.16.3-1.2_sparc.deb
MD5 checksum: 904e2032b596c5c3f322c7bc1367a13b
http://security.debian.org/dists/stable/updates/main/binary-sparc/telnet-ssl_0.16.3-1.2_sparc.deb
MD5 checksum: 0195eb363ae3b4b8cf31b3377b39d6f7
http://security.debian.org/dists/stable/updates/main/binary-sparc/telnetd-ssl_0.16.3-1.2_sparc.deb
MD5 checksum: 77675569c391c62aaf91d0fecd3f4b08
These files will be moved into the stable distribution on its next
revision.
- - ----------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7eaJ7W5ql+IAeqTIRArNSAKCQynpmmAeaypCWcVHxbIHFs818ywCeO+u6
9HkO+x+FnKETwpT+YYAdvAY=
=6tb3
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/Information/advisories.html
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBO3vqrih9+71yA2DNAQG83wP/TCAtVhDlkvYA/Ie4XrUKHsSqz96sbySf
7W1OzhyqYRch+s2yTrRKQq9KgMGMcEpbOp2RSaOidaJ0uNpCjVVrTTPOTvfz4rMg
jmYsVXGvij8jIEdKcRpUh+bgVAXEnbWv7GYZCdOXJ9ljYiwDHP8x5KHjhBwxFV5J
GpGYEO/TY/U=
=wh0S
-----END PGP SIGNATURE-----
|