VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 23, 2004· Updated Apr 16, 2026

CVE-2004-0998

CVE-2004-0998

Description

A format string vulnerability in telnetd-ssl 0.17 and earlier allows remote attackers to execute arbitrary code via crafted SSL error messages.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A format string vulnerability in telnetd-ssl 0.17 and earlier allows remote attackers to execute arbitrary code via crafted SSL error messages.

Vulnerability

telnetd-ssl, part of the Debian Netkit package, contains a format string vulnerability in versions 0.17 and earlier. The flaw occurs when the server processes specially crafted SSL error messages [1].

Exploitation

An attacker can trigger the vulnerability by sending a specially crafted SSL error message to a vulnerable telnetd-ssl server. No authentication is required; the attacker only needs network access to the telnet service [1].

Impact

Successful exploitation allows a remote attacker to execute arbitrary code on the affected system with the privileges of the telnetd process, typically root [1].

Mitigation

The vulnerability is fixed in Debian stable (woody) version 0.17.17+0.1-2woody3 and unstable (sid) version 0.17.24+0.1-6. Users should upgrade via DSA-616-1. No workaround is mentioned [1].

References
  1. CERT/CC Vulnerability Note VU#995038

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • Telnetd/Telnetd2 versions
    cpe:2.3:a:telnetd:telnetd:0.17.18:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:telnetd:telnetd:0.17.18:*:*:*:*:*:*:*
    • cpe:2.3:a:telnetd:telnetd:0.17.25:*:*:*:*:*:*:*
  • Telnetd/Telnetd SSL4 versions
    cpe:2.3:a:telnetd:telnetd-ssl:0.17.17_0.1.1:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:telnetd:telnetd-ssl:0.17.17_0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:telnetd:telnetd-ssl:0.17.17_0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:telnetd:telnetd-ssl:0.17.17_0.1.2:*:woody1:*:*:*:*:*
    • (no CPE)range: <=0.17

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.