Date: Mon, 28 Mar 2005 14:45:12 +0000 (UTC) From: Jacques Vidrine <nectar@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/contrib/telnet/telnet telnet.c Message-ID: <200503281445.j2SEjCQT046186@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
nectar 2005-03-28 14:45:12 UTC FreeBSD src repository Modified files: contrib/telnet/telnet telnet.c Log: Correct a pair of buffer overflows in the telnet(1) command: (CAN-2005-0468) A heap buffer overflow in env_opt_add() and related functions. (CAN-2005-0469) A global uninitialized data section buffer overflow in slc_add_reply() and related functions. As a result of these vulnerabilities, it may be possible for a malicious telnet server or active network attacker to cause telnet(1) to execute arbitrary code with the privileges of the user running it. Security: CAN-2005-0468, CAN-2005-0469 Security: FreeBSD-SA-05:01.telnet Security: http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities Security: http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities These fixes are based in part on patches Submitted by: Solar Designer <solar@openwall.com> Revision Changes Path 1.16 +24 -6 src/contrib/telnet/telnet/telnet.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503281445.j2SEjCQT046186>