Date:      Sun, 18 Jul 2004 22:27:07 +0100 (BST)
From:      "David A. Holland" <dholland@www.linux.org.uk>
To:        marques@displague.com (Marques Johansson)
Cc:        netbug@ftp.uk.linux.org
Subject:   Re: patch for SSLtelnet vulnerability (CAN-2004-0640)
Message-ID:  <E1BmJBb-00035H-P5@www.linux.org.uk>
In-Reply-To: <40F75AAE.5040806@displague.com> from "Marques Johansson" at Jul 16, 2004 12:33:50 AM

 > Apologies in advance for not being familiar with FreeBSD's patch/ports 
 > system. As far as I can tell, SSLtelnet is deprecated on FreeBSD. Even 
 > so, I would like to offer the following patch to fix the vulnerability 
 > described in CAN-2004-0640:
 > 
 > 00_CAN-2004-0640-1.patch
 > < patch >
 > --- telnetd/telnetd.c.orig      2004-07-13 02:58:01.000000000 -0400
 > +++ telnetd/telnetd.c   2004-07-13 03:27:23.000000000 -0400
 > @@ -520,7 +520,7 @@
 >                 sprintf(errbuf,"SSL_accept error %s\n",
 >                     ERR_error_string(ERR_get_error(),NULL));
 > 
 > -               syslog(LOG_WARNING, errbuf);
 > +               syslog(LOG_WARNING, "%.500s", errbuf);
 > 
 >                 BIO_printf(bio_err,errbuf);
 > 
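
Review bot: the BIO_printf(bio_err,errbuf); call in the trailing context still passes errbuf as the format string, which is the same problem the syslog line is being fixed for; it should become BIO_printf(bio_err, "%s", errbuf); in the same patch. The sprintf into errbuf at the top of the hunk is also unbounded as far as these lines show (the size of errbuf is not visible here), so the "%.500s" cap on the syslog side does not protect the buffer itself; a length-limited call sized to errbuf would cover that.
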
 > < /patch >
 > 
 > Thanks.  I am CC'ing this patch to the netkit maintainer email
 > given in the package.  I have already given this information to the
 > Debian maintainer.  OpenBSD, NetBSD, & Redhat appear not to use
 > telnetd with SSL support.  They favor use of "openssl s_client
 > -connect host:port".

Hi, 

netkit-telnet's telnetd does not have this code. (SSL telnet is not
itself part of netkit, though it might be derived from the netkit
telnetd.)

I'd be more worried about the sprintf call I see in the patch context;
that one looks like it's likely harmless, but if there's one there's
probably more.

The legacy telnetd source all these things are derived from is evil
and fundamentally insecure; I'd encourage anyone interested in having
an SSL-enabled telnetd to do the world a service and write new
telnetd code from scratch.

-- 
David A. Holland       dholland@ftp.uk.linux.org
NetKit Maintenance     netbug@ftp.uk.linux.org
(if in doubt, use the netkit-0.18 pre1 snap, not 0.17; I haven't had
time to do a new snap, much less a release, and won't for a while)


