CVE-2004-0640 — Use of Externally-Controlled Format String in Secure Telnet

5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

3.4%

top 12.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netkit Linux Netkit Ssltelnetd Secure Telnet

Timeline

PublishedAug 6

Latest updateApr 29

Description

Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDssltelnetd/secure_telnet0.13.1

▶NVDnetkit/linux_netkit0.17, 0.17.17+1

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-fhrm-2hv9-qhh7: Format string vulnerability in the SSL_set_verify function in telnetd↗2022-04-29

▶

OSV

CVE-2004-0640: Format string vulnerability in the SSL_set_verify function in telnetd↗2004-08-06

▶

CVEList

CVE-2004-0640: Format string vulnerability in the SSL_set_verify function in telnetd↗2004-07-09

▶

📋Vendor Advisories

Debian

CVE-2004-0640: netkit-telnet-ssl - Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLt...↗2004

▶