PT-2002-1004 · Debian · Xtel

Published

2002-05-03

Updated

2016-10-18

CVE-2002-0334

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions xtel (xtell) versions 1.91.1 and earlier xtel (xtell) versions 2.x before 2.7

Description The issue concerns multiple vulnerabilities in the xtel (xtell) package of the Debian GNU/Linux operating system. These vulnerabilities can be exploited to compromise the confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely.

Recommendations For xtel (xtell) versions 1.91.1 and earlier, update to a version later than 1.91.1 to resolve the issue. For xtel (xtell) versions 2.x before 2.7, update to version 2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the .xtell-log file to prevent a symlink attack until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-01330

BDU:2015-02180

CVE-2002-0334

Affected Products

Xtel

PT-2002-1004 · Debian · Xtel

CVE-2002-0334

Related Identifiers

Affected Products

References · 12