cvs commit: src/contrib/telnet/telnet telnet.c
Jacques A. Vidrine
nectar at FreeBSD.org
Mon Mar 28 06:46:30 PST 2005
On Mon, Mar 28, 2005 at 02:45:12PM +0000, Jacques A. Vidrine wrote:
> nectar 2005-03-28 14:45:12 UTC
> FreeBSD src repository
> Modified files:
> contrib/telnet/telnet telnet.c
> Correct a pair of buffer overflows in the telnet(1) command:
> (CAN-2005-0468) A heap buffer overflow in env_opt_add() and related
> (CAN-2005-0469) A global uninitialized data section buffer overflow in
> slc_add_reply() and related functions.
> As a result of these vulnerabilities, it may be possible for a malicious
> telnet server or active network attacker to cause telnet(1) to execute
> arbitrary code with the privileges of the user running it.
> Security: CAN-2005-0468, CAN-2005-0469
> Security: FreeBSD-SA-05:01.telnet
> Security: http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
> Security: http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities
> These fixes are based in part on patches
> Submitted by: Solar Designer <solar at openwall.com>
> Revision Changes Path
> 1.16 +24 -6 src/contrib/telnet/telnet/telnet.c
The references above may not be available yet, but will be later today.
Likewise, fixes to other FreeBSD branches are upcoming.
Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org