Debian GNU/Linux netstd multiple utilities buffer overflow
netstd-utilities-bo (9164): High Risk
The netstd package is vulnerable to a buffer overflow, caused by improper handling of resolved hostnames. A remote attacker in control of a DNS (Domain Name System) server could overflow a buffer in one of the affected utilities to possibly execute arbitrary code on the system.
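The flaw class described above, a DNS-supplied name copied into a fixed-size buffer, is avoided by treating the resolved name as untrusted input and checking it before the copy. The following is an added illustration, not code from netstd or from the advisory; `HOST_BUF`, `copy_resolved_name`, `check_name` and `demo_long_reply` are hypothetical names, and the sample names are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HOST_BUF 64  /* assumed size of a utility's fixed hostname buffer */

/* Copy a resolver-supplied name into dst only if it fits and is well formed.
 * Returns 0 on success, -1 if the name does not fit, -2 if it is malformed
 * (bad character, empty label, trailing dot, or label longer than 63). */
int copy_resolved_name(char *dst, size_t dstlen, const char *name)
{
    const char *end;
    size_t len, label = 0, i;

    if (dst == NULL || dstlen == 0 || name == NULL)
        return -2;
    dst[0] = '\0';                       /* dst stays empty on any failure */
    end = memchr(name, '\0', dstlen);    /* never scans past dstlen bytes */
    if (end == NULL)
        return -1;                       /* name plus terminator will not fit */
    len = (size_t)(end - name);
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (label == 0) return -2;   /* empty label */
            label = 0;
        } else if ((isalnum(c) || c == '-') && label < 63) {
            label++;
        } else {
            return -2;                   /* bad character or oversized label */
        }
    }
    if (label == 0) return -2;           /* empty name or trailing dot */
    memcpy(dst, name, len + 1);
    return 0;
}

/* Run the check against a buffer of the assumed fixed size. */
int check_name(const char *name)
{
    char host[HOST_BUF];
    return copy_resolved_name(host, sizeof host, name);
}

/* Constructed stand-in for an over-long FQDN returned by a resolver. */
int demo_long_reply(void)
{
    char reply[300];
    memset(reply, 'a', sizeof reply - 1);
    reply[sizeof reply - 1] = '\0';
    return check_name(reply);
}
```

A caller that gets a non-zero result should fall back to the numeric address it already holds rather than use a truncated name.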
The netstd 3.07-17 package is a legacy package and should be removed from your system as recommended by Debian. See References.
- BugTraq Mailing List, Fri May 24 2002 - 03:39:23 CDT: Netstd 3.07-17 multiple remote buffer overflows.
- BugTraq Mailing List, Sat May 25 2002 - 04:01:47 CDT: Re: Netstd 3.07-17 multiple remote buffer overflows.
- Debian GNU/Linux Web site: Package: netstd 3.07-17.
- BID-4816: Debian GNU/Linux netstd Multiple Buffer Overflow Vulnerabilities
- CVE-2002-0910: Buffer overflows in netstd 3.07-17 package allows remote DNS servers to execute arbitrary code via a long FQDN reply, as observed in the utilities (1) linux-ftpd, (2) pcnfsd, (3) tftp, (4) traceroute, or (5) from/to.
- OSVDB ID: 14450: netstd linux-ftpd Long FQDN Reply Overflow
- OSVDB ID: 14451: netstd pcnfsd Long FQDN Reply Overflow
- OSVDB ID: 14452: netstd tftp Long FQDN Reply Overflow
- OSVDB ID: 14453: netstd traceroute Long FQDN Reply Overflow
- OSVDB ID: 14454: netstd from/to Long FQDN Reply Overflow
- Debian Debian Linux
- Debian netstd 3.07
May 24, 2002