Date: Thu, 1 May 1997 16:54:39 -0400 (EDT)
From: Bradley Dunn <bradley@dunn.org>
To: freebsd-security@freebsd.org
Subject: Telnetd problem?
Message-ID: <Pine.BSF.3.96.970501163938.16494E-100000@ns2.harborcom.net>
From src/libexec/telnetd/sys_term.c:

        char speed[128];
        ...
        sprintf(speed, "%s/%d", (cp = getenv("TERM")) ? cp : "",
            (def_rspeed > 0) ? def_rspeed : 9600);

This code is identical to the problematic kerberos code that was in the SNI
advisory.

Also, it appears that the eBones in FreeBSD is vulnerable to both problems in
the SNI advisory. Just do a grep for 'strcpy' in src/eBones/lib/libkrb.

pbd
--
Why can't you be a non-conformist like everyone else?