• info
• discussion
• exploit
• solution
• references

Debian GNU/Linux Telnetd Invalid Memory Handling Vulnerability

Solution:
Debian GNU/Linux has released advisory DSA 556-1, along with fixes to address this issue.

Debian Linux has released advisory DSA 569-1 dealing with this issue for their telnet-ssl distribution. Please see the referenced advisory for more information.

Debian has released DSA 556-2, which is a revision to their first advisory. This revision includes new fixes that reportedly resolve the issue where the original fixes did not. Please see the referenced advisory for more information.


Debian telnetd 0.17 -18

• Debian telnet_0.17-18woody1_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0. 17-18woody1_alpha.deb


• Debian telnet_0.17-18woody1_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0. 17-18woody1_arm.deb


• Debian telnet_0.17-18woody1_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0. 17-18woody1_hppa.deb


• Debian telnet_0.17-18woody1_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0. 17-18woody1_i386.deb


• Debian telnet_0.17-18woody1_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0. 17-18woody1_ia64.deb


• Debian telnet_0.17-18woody1_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0. 17-18woody1_m68k.deb


• Debian telnet_0.17-18woody1_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0. 17-18woody1_mips.deb


• Debian telnet_0.17-18woody1_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0. 17-18woody1_mipsel.deb


• Debian telnet_0.17-18woody1_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0. 17-18woody1_powerpc.deb


• Debian telnet_0.17-18woody1_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0. 17-18woody1_s390.deb


• Debian telnet_0.17-18woody1_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0. 17-18woody1_sparc.deb


• Debian telnetd_0.17-18woody1_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0 .17-18woody1_alpha.deb


• Debian telnetd_0.17-18woody1_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0 .17-18woody1_arm.deb


• Debian telnetd_0.17-18woody1_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0 .17-18woody1_hppa.deb


• Debian telnetd_0.17-18woody1_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0 .17-18woody1_i386.deb


• Debian telnetd_0.17-18woody1_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0 .17-18woody1_ia64.deb


• Debian telnetd_0.17-18woody1_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0 .17-18woody1_m68k.deb


• Debian telnetd_0.17-18woody1_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0 .17-18woody1_mips.deb


• Debian telnetd_0.17-18woody1_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0 .17-18woody1_mipsel.deb


• Debian telnetd_0.17-18woody1_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0 .17-18woody1_powerpc.deb


• Debian telnetd_0.17-18woody1_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0 .17-18woody1_s390.deb


• Debian telnetd_0.17-18woody1_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0 .17-18woody1_sparc.deb

Debian telnetd-ssl 0.17.17 +0.1-2woody1

• Debian telnet-ssl_0.17.17+0.1-2woody2_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody2_alpha.deb


• Debian telnet-ssl_0.17.17+0.1-2woody2_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody2_arm.deb


• Debian telnet-ssl_0.17.17+0.1-2woody2_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody2_hppa.deb


• Debian telnet-ssl_0.17.17+0.1-2woody2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody2_i386.deb


• Debian telnet-ssl_0.17.17+0.1-2woody2_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody2_ia64.deb


• Debian telnet-ssl_0.17.17+0.1-2woody2_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody2_m68k.deb


• Debian telnet-ssl_0.17.17+0.1-2woody2_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody2_mips.deb


• Debian telnet-ssl_0.17.17+0.1-2woody2_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody2_mipsel.deb


• Debian telnet-ssl_0.17.17+0.1-2woody2_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody2_powerpc.deb


• Debian telnet-ssl_0.17.17+0.1-2woody2_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody2_s390.deb


• Debian telnet-ssl_0.17.17+0.1-2woody2_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne t-ssl_0.17.17+0.1-2woody2_sparc.deb


• Debian telnetd-ssl_0.17.17+0.1-2woody2_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody2_alpha.deb


• Debian telnetd-ssl_0.17.17+0.1-2woody2_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody2_arm.deb


• Debian telnetd-ssl_0.17.17+0.1-2woody2_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody2_hppa.deb


• Debian telnetd-ssl_0.17.17+0.1-2woody2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody2_i386.deb


• Debian telnetd-ssl_0.17.17+0.1-2woody2_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody2_ia64.deb


• Debian telnetd-ssl_0.17.17+0.1-2woody2_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody2_m68k.deb


• Debian telnetd-ssl_0.17.17+0.1-2woody2_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody2_mips.deb


• Debian telnetd-ssl_0.17.17+0.1-2woody2_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody2_mipsel.deb


• Debian telnetd-ssl_0.17.17+0.1-2woody2_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody2_powerpc.deb


• Debian telnetd-ssl_0.17.17+0.1-2woody2_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody2_s390.deb


• Debian telnetd-ssl_0.17.17+0.1-2woody2_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telne td-ssl_0.17.17+0.1-2woody2_sparc.deb