patch for SSLtelnet vulnerability (CAN-2004-0640)

David A. Holland dholland at www.linux.org.uk
Sun Jul 18 14:27:15 PDT 2004


 > Apologies in advance for not being familiar with FreeBSD's patch/ports 
 > system. As far as I can tell, SSLtelnet is deprecated on FreeBSD. Even 
 > so, I would like to offer the following patch to fix the vulnerability 
 > described in CAN-2004-0640:
 > 
 > 00_CAN-2004-0640-1.patch
 > < patch >
 > --- telnetd/telnetd.c.orig      2004-07-13 02:58:01.000000000 -0400
 > +++ telnetd/telnetd.c   2004-07-13 03:27:23.000000000 -0400
 > @@ -520,7 +520,7 @@
 >                 sprintf(errbuf,"SSL_accept error %s\n",
 >                     ERR_error_string(ERR_get_error(),NULL));
 > 
 > -               syslog(LOG_WARNING, errbuf);
 > +               syslog(LOG_WARNING, "%.500s", errbuf);
 > 
 >                 BIO_printf(bio_err,errbuf);
 > 
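Review bot: the last context line of this hunk, BIO_printf(bio_err,errbuf);, still passes errbuf as the format string, which is the same defect the changed syslog line fixes, so any format specifiers in the error text are still interpreted on that path. Change it to BIO_printf(bio_err, "%s", errbuf); in the same patch. The sprintf into errbuf in the first context lines is also unbounded, and the size of errbuf is not visible here; switching it to snprintf with the buffer's real size would close that, and the hard-coded 500 in "%.500s" should then be checked against that size.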
 > < /patch >
 > 
 > Thanks.  I am CC'ing this patch to the netkit maintainer email
 > given in the package.  I have already given this information to the
 > Debian maintainer.  OpenBSD, NetBSD, & Redhat appear not to use
 > telnetd with SSL support.  They favor use of "openssl s_client
 > -connect host:port".

Hi, 

netkit-telnet's telnetd does not have this code. (SSL telnet is not
itself part of netkit, though it might be derived from the netkit
telnetd.)

I'd be more worried about the sprintf call I see in the patch context;
that one looks like it's likely harmless, but if there's one there's
probably more.

The legacy telnetd source all these things are derived from is evil
and fundamentally insecure; I'd encourage anyone interested in having
an SSL-enabled telnetd to do the world a service and write new
telnetd code from scratch.

-- 
David A. Holland       dholland at ftp.uk.linux.org
NetKit Maintenance     netbug at ftp.uk.linux.org
(if in doubt, use the netkit-0.18 pre1 snap, not 0.17; I haven't had
time to do a new snap, much less a release, and won't for a while)


More information about the freebsd-ports mailing list