Debian Security Advisory DSA 075-1 (netkit-telnet-ssl)

The remote host is missing an update to netkit-telnet-ssl announced via advisory DSA 075-1.
The telnet daemon contained in the netkit-telnet-ssl_0.16.3-1 package in the 'stable' (potato) distribution of Debian GNU/Linux is vulnerable to an exploitable overflow in its output handling. The original bug was found by <>, and announced to bugtraq on Jul 18 2001. At that time, netkit-telnet versions after 0.14 were not believed to be vulnerable. On Aug 10 2001, zen-parse posted an advisory based on the same problem, for all netkit-telnet versions below 0.17. More details can be found on . As Debian uses the 'telnetd' user to run in.telnetd, this is not a remote root compromise on Debian systems the 'telnetd' user can be compromised. We strongly advise you update your netkit-telnet-ssl packages to the versions listed below.