git: DragonFly_RELEASE_2_10 telnetd: Validate key length prior to copying into a fixed buffer.

Peter Avalos pavalos at crater.dragonflybsd.org
Fri Dec 23 10:29:42 PST 2011


commit 75df574506ea14695f2e86f863d312d284086d6d
Author: Peter Avalos <pavalos at dragonflybsd.org>
Date:   Fri Dec 23 10:16:31 2011 -0800

    telnetd:  Validate key length prior to copying into a fixed buffer.
    
    It's possible for a remote attacker to execute arbitrary code with the
    privileges of the telnetd daemon (normally root) prior to this fix.
    CVE-2011-4862
    
    Obtained-from:   FreeBSD-SA-11:08.telnetd

Summary of changes:
 lib/libtelnet/encrypt.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/75df574506ea14695f2e86f863d312d284086d6d


-- 
DragonFly BSD source repository





More information about the Commits mailing list