patch for SSLtelnet vulnerability (CAN-2004-0640)

Marques Johansson marques at
Thu Jul 15 21:34:05 PDT 2004

Apologies in advance for not being familiar with FreeBSD's patch/ports
system. As far as I can tell, SSLtelnet is deprecated on FreeBSD. Even
so, I would like to offer the following patch to fix the vulnerability
described in CAN-2004-0640:

< patch >
--- telnetd/telnetd.c.orig      2004-07-13 02:58:01.000000000 -0400
+++ telnetd/telnetd.c   2004-07-13 03:27:23.000000000 -0400
@@ -520,7 +520,7 @@
                sprintf(errbuf,"SSL_accept error %s\n",

-               syslog(LOG_WARNING, errbuf);
+               syslog(LOG_WARNING, "%.500s", errbuf);


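Review bot: the context line above the change still fills errbuf with an unbounded sprintf ("SSL_accept error %s\n"), so the constant format at the syslog call closes the format-string problem but leaves the write into errbuf unchecked; the size of errbuf is not visible in this hunk. Suggest converting that call to snprintf(errbuf, sizeof(errbuf), ...) in the same patch. The 500 in "%.500s" is also a magic number with no visible relation to the size of errbuf: either derive the precision from the buffer size or use a plain "%s" once the buffer is guaranteed to be NUL-terminated, and add a one-line comment noting that errbuf must never be passed as the format argument.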
< /patch >

Thanks. I am CC'ing this patch to the netkit maintainer email given in the package. I have already given this information to the Debian maintainer. OpenBSD, NetBSD, & Red Hat appear not to use telnetd with SSL support. They favor use of "openssl s_client -connect host:port".

  Marques Johansson
 marques at
