Date: Mon, 28 Mar 2005 14:45:12 +0000 (UTC) From: Jacques Vidrine <nectar@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/contrib/telnet/telnet telnet.c Message-ID: <200503281445.j2SEjCQT046186@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
nectar 2005-03-28 14:45:12 UTC
FreeBSD src repository
Modified files:
contrib/telnet/telnet telnet.c
Log:
Correct a pair of buffer overflows in the telnet(1) command:
(CAN-2005-0468) A heap buffer overflow in env_opt_add() and related
functions.
(CAN-2005-0469) A global uninitialized data section buffer overflow in
slc_add_reply() and related functions.
As a result of these vulnerabilities, it may be possible for a malicious
telnet server or active network attacker to cause telnet(1) to execute
arbitrary code with the privileges of the user running it.
Security: CAN-2005-0468, CAN-2005-0469
Security: FreeBSD-SA-05:01.telnet
Security: http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
Security: http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities
These fixes are based in part on patches
Submitted by: Solar Designer <solar@openwall.com>
Revision Changes Path
1.16 +24 -6 src/contrib/telnet/telnet/telnet.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503281445.j2SEjCQT046186>