cvs commit: src/crypto/heimdal-0.6.3/appl/telnet/telnet telnet.c src/crypto/telnet/telnet telnet.c src/usr.bin/telnet telnet.c
David Rhodus
drhodus at crater.dragonflybsd.org
Mon Mar 28 10:03:59 PST 2005
drhodus 2005/03/28 10:03:33 PST
DragonFly src repository
Modified files:
crypto/heimdal-0.6.3/appl/telnet/telnet telnet.c
crypto/telnet/telnet telnet.c
usr.bin/telnet telnet.c
Log:
Correct a pair of buffer overflows in the telnet(1) command:
(CAN-2005-0468) A heap buffer overflow in env_opt_add() and related
functions.
(CAN-2005-0469) A global uninitialized data section buffer overflow in
slc_add_reply() and related functions.
As a result of these vulnerabilities, it may be possible for a malicious
telnet server or active network attacker to cause telnet(1) to execute
arbitrary code with the privileges of the user running it.
These fixes are based in part on patches
Submitted by: Solar Designer <solar at xxxxxxxxxxxx>
With calibration with the FreeBSD security officer: Jacques Vidrine <nectar at xxxxxxxxxxx>
Revision  Changes    Path
1.2       +23 -7     src/crypto/heimdal-0.6.3/appl/telnet/telnet/telnet.c
1.3       +24 -8     src/crypto/telnet/telnet/telnet.c
1.3       +25 -5     src/usr.bin/telnet/telnet.c
http://www.dragonflybsd.org/cvsweb/src/crypto/heimdal-0.6.3/appl/telnet/telnet/telnet.c.diff?r1=1.1&r2=1.2&f=u
http://www.dragonflybsd.org/cvsweb/src/crypto/telnet/telnet/telnet.c.diff?r1=1.2&r2=1.3&f=u
http://www.dragonflybsd.org/cvsweb/src/usr.bin/telnet/telnet.c.diff?r1=1.2&r2=1.3&f=u