patch for SSLtelnet vulnerability (CAN-2004-0640)
Marques Johansson
marques at displague.com
Thu Jul 15 21:34:05 PDT 2004
Apologies in advance for not being familiar with FreeBSD's patch/ports
system. As far as I can tell, SSLtelnet, is depricated on FreeBSD. Even
so, I would like to offer the following patch to fix the vulnerability
described in CAN-2004-0640:
00_CAN-2004-0640-1.patch
< patch >
--- telnetd/telnetd.c.orig 2004-07-13 02:58:01.000000000 -0400
+++ telnetd/telnetd.c 2004-07-13 03:27:23.000000000 -0400
@@ -520,7 +520,7 @@
sprintf(errbuf,"SSL_accept error %s\n",
ERR_error_string(ERR_get_error(),NULL));
- syslog(LOG_WARNING, errbuf);
+ syslog(LOG_WARNING, "%.500s", errbuf);
BIO_printf(bio_err,errbuf);
< /patch >
Thanks. I am CC'ing this patch to the netkit maintainer email given in the package. I have already given this information to the Debian maintainer. OpenBSD, NetBSD, & Redhat appear not to use telnetd with SSL support. They favor use of "openssl s_client -connect host:port".
--
Marques Johansson
marques at displague.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2711 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20040716/c65c1db8/smime.bin
More information about the freebsd-ports
mailing list