From owner-freebsd-security  Thu May  1 14:08:36 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id OAA17019
          for security-outgoing; Thu, 1 May 1997 14:08:36 -0700 (PDT)
Received: from blubb.pdc.kth.se (blubb.pdc.kth.se [130.237.225.158])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id OAA17011
          for <freebsd-security@freebsd.org>; Thu, 1 May 1997 14:08:29 -0700 (PDT)
Received: from joda by blubb.pdc.kth.se with local (Exim 1.60 #3)
	id 0wN35D-0007C2-00; Thu, 1 May 1997 23:08:07 +0200
To: Bradley Dunn <bradley@dunn.org>
Cc: freebsd-security@freebsd.org
Subject: Re: Telnetd problem?
References: <Pine.BSF.3.96.970501163938.16494E-100000@ns2.harborcom.net>
Mime-Version: 1.0 (generated by tm-edit 7.103)
Content-Type: text/plain; charset=US-ASCII
From: joda@pdc.kth.se (Johan Danielsson)
Date: 01 May 1997 23:08:07 +0200
In-Reply-To: Bradley Dunn's message of Thu, 1 May 1997 16:54:39 -0400 (EDT)
Message-ID: <xofk9liq4so.fsf@blubb.pdc.kth.se>
Lines: 14
X-Mailer: Gnus v5.4.24/Emacs 19.34
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Bradley Dunn <bradley@dunn.org> writes:

> char speed[128];
> ...
> sprintf(speed, "%s/%d", (cp = getenv("TERM")) ? cp : "",
>                                 (def_rspeed > 0) ? def_rspeed : 9600);
> 
> This code is identical to the problematic kerberos code that was in
> the SNI advisory.

Yes, but this piece of code (at least in my telnetd source) is only
used if your login doesn't grok `-f'.

/Johan