| VID | 23012 |
| Severity | 40 |
| Port | 4224 |
| Protocol | TCP |
| Class | XTELLD |
| Detailed Description | The xtell daemon is vulnerable to multiple buffer overflow attacks. Xtell is a simple network messaging program that can be used to transmit terminal messages between users and machines. Xtell is available for Linux, BSD and most other Unix-based operating systems. Multiple buffer overflow vulnerabilities have been reported in some versions of xtell. Overflow conditions may be triggered by long strings sent by a malicious DNS server in response to the reverse lookup performed when a message is received, by the auth string returned by the ident server, or by an overly long message sent directly to the vulnerable user. Successful exploitation of these vulnerabilities may result in arbitrary code being executed with the privileges of the xtell daemon. Platforms Affected: xtell xtell 2.6.1. References: http://online.securityfocus.com/bid/4193 http://www.iss.net/security_center/static/8312.php |
| Recommendation | For Debian GNU/Linux 2.2 (potato): Upgrade to the latest version of xtell (1.91.1 or later), as listed in Debian Security Advisory DSA 121-1, http://www.debian.org/security/2002/dsa-121. For other distributions: Contact your vendor for upgrade or patch information. |
| Related URL | CVE-2002-0332 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |