Date:      Mon, 28 Mar 2005 08:46:27 -0600
From:      "Jacques A. Vidrine" <nectar@FreeBSD.org>
To:        src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/contrib/telnet/telnet telnet.c
Message-ID:  <20050328144627.GA78918@hellblazer.celabo.org>
In-Reply-To: <200503281445.j2SEjCQT046186@repoman.freebsd.org>
References:  <200503281445.j2SEjCQT046186@repoman.freebsd.org>

On Mon, Mar 28, 2005 at 02:45:12PM +0000, Jacques A. Vidrine wrote:
> nectar      2005-03-28 14:45:12 UTC
> 
>   FreeBSD src repository
> 
>   Modified files:
>     contrib/telnet/telnet telnet.c 
>   Log:
>   Correct a pair of buffer overflows in the telnet(1) command:
>   
>    (CAN-2005-0468) A heap buffer overflow in env_opt_add() and related
>    functions.
>   
>    (CAN-2005-0469) A global uninitialized data section buffer overflow in
>    slc_add_reply() and related functions.
>   
>   As a result of these vulnerabilities, it may be possible for a malicious
>   telnet server or active network attacker to cause telnet(1) to execute
>   arbitrary code with the privileges of the user running it.
>   
>   Security: CAN-2005-0468, CAN-2005-0469
>   Security: FreeBSD-SA-05:01.telnet
>   Security: http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
>   Security: http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities
>   
>   These fixes are based in part on patches
>   Submitted by:   Solar Designer <solar@openwall.com>
>   
>   Revision  Changes    Path
>   1.16      +24 -6     src/contrib/telnet/telnet/telnet.c

The references above may not be available yet, but will be later today.
Likewise, fixes to other FreeBSD branches are upcoming.

Cheers,
-- 
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org


