Debian Security Advisory

  • DSA 528-1 New ethereal packages fix denial of service
Package        : ethereal
Vulnerability  : denial of service
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2004-0635

Several denial of service vulnerabilities were discovered in ethereal,
a network traffic analyzer.  These vulnerabilities are described in the
ethereal advisory "enpa-sa-00015".  Of these, only one (CAN-2004-0635)
affects the version of ethereal in Debian woody.  This vulnerability
could be exploited by a remote attacker to crash ethereal with an
invalid SNMP packet.

For the current stable distribution (woody), these problems have been
fixed in version 0.9.4-1woody8.

For the unstable distribution (sid), these problems have been fixed in
version 0.10.5-1.

We recommend that you update your ethereal package.

Package        : netkit-telnet-ssl
Vulnerability  : format string
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2004-0640

b0f discovered a format string vulnerability in netkit-telnet-ssl
which could potentially allow a remote attacker to cause the execution
of arbitrary code with the privileges of the telnet daemon (the
'telnetd' user by default).

For the current stable distribution (woody), this problem has been
fixed in version 0.17.17+0.1-2woody1.

For the unstable distribution (sid), this problem has been fixed in
version 0.17.24+0.1-2.

We recommend that you update your netkit-telnet-ssl package.

  • DSA 530-1 New l2tpd packages fix buffer overflow
Package        : l2tpd
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2004-0649

Thomas Walpuski reported a buffer overflow in l2tpd, an implementation
of the layer 2 tunneling protocol, whereby a remote attacker could
potentially cause arbitrary code to be executed by transmitting a
specially crafted packet.  The exploitability of this vulnerability
has not been verified.

For the current stable distribution (woody), this problem has been
fixed in version 0.67-1.2.

For the unstable distribution (sid), this problem has been fixed in
version 0.70-pre20031121-2.

We recommend that you update your l2tpd package.