Vulnerability Description
Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netkit | Linux Netkit | 0.17 |
| Ssltelnetd | Secure Telnet | 0.13.1 |
References
- http://www.debian.org/security/2004/dsa-529PatchVendor Advisory
- http://www.idefense.com/application/poi/display?id=114&type=vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16653
- http://www.debian.org/security/2004/dsa-529PatchVendor Advisory
- http://www.idefense.com/application/poi/display?id=114&type=vulnerabilities
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16653
FAQ
What is CVE-2004-0640?
CVE-2004-0640 is a vulnerability with a CVSS score of 10.0 (HIGH). Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code.
How severe is CVE-2004-0640?
CVE-2004-0640 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0640?
Check the references section above for vendor advisories and patch information. Affected products include: Netkit Linux Netkit, Ssltelnetd Secure Telnet.