PT-2002-1009 · Debian · Xtell

Published: 2002-05-03 · Updated: 2016-10-18 · CVE-2002-0333

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
xtell versions 1.91.1 and earlier
xtell versions 2.x before 2.7

Description
The issue concerns multiple vulnerabilities in the xtell package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. A directory traversal vulnerability in xtell (xtelld) allows remote attackers to read files with short names by using a .. in the TTY argument. Local users can also read more files using a symlink with a short name.

Recommendations
For versions 1.91.1 and earlier, update to a version later than 1.91.1 to resolve the issue. For versions 2.x before 2.7, update to version 2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the TTY argument to minimize the risk of exploitation.

Exploit

Fix


Related identifiers

BDU:2015-02180
CVE-2002-0333

Affected products

Xtell