Denial-of-service, buffer overflow and format string vulnerabilities in Debian GNU/Linux that an attacker could use to remotely execute malicious code or crash machines has been fixed. Flaws and fixes in the operating system are outlined in three advisories Debian released over the weekend.
The first fix is for a format string vulnerability in netkit-telnet-ssl, which could allow a remote attacker to execute arbitrary code with the privileges of the telnet daemon (the 'telnetd' user by default). For the stable system, called Woody, the problem has been fixed in version 0.17.17+0.1-2woody1. For the unstable system, called Sid, the problem has been fixed in version 0.17.24+0.1-2.
Copenhagen, Denmark-based IT security firm Secunia calls this flaw "highly critical."
The second fix is for a buffer overflow in l2tpd, an implementation of the layer 2 tunneling protocol. An attacker could use this to execute arbitrary code by transmitting a specially crafted packet. For Woody, Debian said the problem has been fixed in version 0.67-1.2. For Sid, the problem has been fixed in version 0.70-pre20031121-2.
Secunia calls this flaw "moderately critical."
The third fix is for several denial-of-service vulnerabilities in Ethereal, a network traffic analyzer. A malicious person could exploit it to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file. The problem was first reported July 6 and affects versions 0.8.15 up to and including 0.10.4.
Secunia calls the Ethereal flaw "less critical."