cvs commit: src/contrib/telnet/telnet telnet.c

Jacques A. Vidrine nectar at FreeBSD.org
Mon Mar 28 06:46:30 PST 2005


On Mon, Mar 28, 2005 at 02:45:12PM +0000, Jacques A. Vidrine wrote:
> nectar      2005-03-28 14:45:12 UTC
> 
>   FreeBSD src repository
> 
>   Modified files:
>     contrib/telnet/telnet telnet.c 
>   Log:
>   Correct a pair of buffer overflows in the telnet(1) command:
>   
>    (CAN-2005-0468) A heap buffer overflow in env_opt_add() and related
>    functions.
>   
>    (CAN-2005-0469) A global uninitialized data section buffer overflow in
>    slc_add_reply() and related functions.
>   
>   As a result of these vulnerabilities, it may be possible for a malicious
>   telnet server or active network attacker to cause telnet(1) to execute
>   arbitrary code with the privileges of the user running it.
>   
>   Security: CAN-2005-0468, CAN-2005-0469
>   Security: FreeBSD-SA-05:01.telnet
>   Security: http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
>   Security: http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities
>   
>   These fixes are based in part on patches
>   Submitted by:   Solar Designer <solar at openwall.com>
>   
>   Revision  Changes    Path
>   1.16      +24 -6     src/contrib/telnet/telnet/telnet.c

The references above may not be available yet, but will be later today.
Likewise, fixes to other FreeBSD branches are upcoming.

Cheers,
-- 
Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org


More information about the cvs-all mailing list