oss-sec mailing list archives
Re: Multiple telnet.c overflows
From: Tavis Ormandy <taviso () google com>
Date: Wed, 12 Dec 2018 22:13:11 -0800
On Wed, Dec 12, 2018 at 5:21 PM Hacker Fantastic <hackerfantastic () googlemail com> wrote:
Please see the below proof of concept in triggering the heap overflow using the IAC SB TELQUAL_IS environment option variable assignment. As per my original advisory, which did not fully indicate the details but gave the overview of how to trigger the condition.
Cool, but I think this is a different bug (AFAICT, it's CVE-2005-0469, it was fixed in netkit, but far fewer distros use inetutils). I agree this was a real vulnerability, It's a pretty good sign inetutils should be deprecated imho. Tavis.
Current thread:
- Multiple telnet.c overflows Hacker Fantastic (Dec 11)
- Re: Multiple telnet.c overflows Alan Coopersmith (Dec 11)
- Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
- Re: Multiple telnet.c overflows Hacker Fantastic (Dec 12)
- Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
- Re: Multiple telnet.c overflows Bob Friesenhahn (Dec 12)
- Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
- Re: Multiple telnet.c overflows Hacker Fantastic (Dec 12)
- Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
- Re: Multiple telnet.c overflows Hacker Fantastic (Dec 13)
- Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
- Re: Multiple telnet.c overflows Hacker Fantastic (Dec 13)
- Re: Multiple telnet.c overflows Hacker Fantastic (Dec 13)
- Re: Multiple telnet.c overflows Hacker Fantastic (Dec 14)
- Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
- Re: Multiple telnet.c overflows Alan Coopersmith (Dec 11)