cvs commit: src/contrib/telnet/telnet telnet.c
Jacques A. Vidrine
nectar at FreeBSD.org
Mon Mar 28 06:46:30 PST 2005
On Mon, Mar 28, 2005 at 02:45:12PM +0000, Jacques A. Vidrine wrote:
> nectar 2005-03-28 14:45:12 UTC
>
> FreeBSD src repository
>
> Modified files:
> contrib/telnet/telnet telnet.c
> Log:
> Correct a pair of buffer overflows in the telnet(1) command:
>
> (CAN-2005-0468) A heap buffer overflow in env_opt_add() and related
> functions.
>
> (CAN-2005-0469) A global uninitialized data section buffer overflow in
> slc_add_reply() and related functions.
>
> As a result of these vulnerabilities, it may be possible for a malicious
> telnet server or active network attacker to cause telnet(1) to execute
> arbitrary code with the privileges of the user running it.
>
> Security: CAN-2005-0468, CAN-2005-0469
> Security: FreeBSD-SA-05:01.telnet
> Security: http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
> Security: http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities
>
> These fixes are based in part on patches
> Submitted by: Solar Designer <solar at openwall.com>
>
> Revision Changes Path
> 1.16 +24 -6 src/contrib/telnet/telnet/telnet.c
The references above may not be available yet, but will be later today.
Likewise, fixes to other FreeBSD branches are upcoming.
Cheers,
--
Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org