git: DragonFly_RELEASE_2_10 telnetd: Validate key length prior to copying into a fixed buffer.
Peter Avalos
pavalos at crater.dragonflybsd.org
Fri Dec 23 10:29:42 PST 2011
commit 75df574506ea14695f2e86f863d312d284086d6d
Author: Peter Avalos <pavalos at dragonflybsd.org>
Date: Fri Dec 23 10:16:31 2011 -0800
telnetd: Validate key length prior to copying into a fixed buffer.
It's possible for a remote attacker to execute arbitrary code with the
privileges of the telnetd daemon (normally root) prior to this fix.
CVE-2011-4862
Obtained-from: FreeBSD-SA-11:08.telnetd
Summary of changes:
lib/libtelnet/encrypt.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/75df574506ea14695f2e86f863d312d284086d6d
--
DragonFly BSD source repository
More information about the Commits
mailing list