CVE-2004-0640
netkit-telnet-ssl - format string
EPSS 3.4%
Description
Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code.
How to fix CVE-2004-0640
To remediate CVE-2004-0640, upgrade the affected package to a fixed version below.
- Debian/netkit-telnet-ssl—upgrade to 0.17.24+0.1-2 or later
- Debian/netkit-telnet-ssl—upgrade to 0.17.17+0.1-2woody1 or later
Is CVE-2004-0640 being exploited?
Low — EPSS is 3.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.17.24+0.1-2
- from 0, < 0.17.17+0.1-2woody1