Vendor: netstd
By: Willem Pinckaers
CVSS: 7.5 (HIGH)
CWE: Buffer Overflow
Product Name: netstd
Affected Version From: Debian GNU/Linux 1.3 and 2.0
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Linux
1998

Buffer Overflow Vulnerabilities in Debian netstd Package

The netstd package in Debian GNU/Linux is vulnerable to two buffer overflow attacks. The first vulnerability is in the bootp server; the second is in the FTP client. The bootp server vulnerability can allow a remote attacker to fully compromise a vulnerable host by exploiting improper bounds checking in two places: the handling of the boot file/location specified in a bootp request packet, and the error logging facility. The FTP client vulnerability can be exploited by a local attacker to potentially elevate privileges.

Mitigation:

Apply the necessary patches or updates provided by the vendor. Ensure that the netstd package is up to date.