CVE-2004-0911
netkit-telnet-ssl - invalid free(3)
EPSS 0.89%
Description
telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service (free of an invalid pointer), a different vulnerability than CVE-2001-0554.
How to fix CVE-2004-0911
To remediate CVE-2004-0911, upgrade the affected package to a fixed version below.
- Debian/netkit-telnet—upgrade to 0.17-26 or later
- Debian/netkit-telnet—upgrade to 0.17-18woody2 or later
- Debian/netkit-telnet-ssl—upgrade to 0.17.24+0.1-4 or later
- —upgrade to 0.17.17+0.1-2woody2 or later
Is CVE-2004-0911 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 0.17-26
- from 0, < 0.17-18woody2
- from 0, < 0.17.24+0.1-4
- from 0, < 0.17.17+0.1-2woody2