Bugtraq mailing list archives

Re: More telnet Daemon Fun


From: sopwith () redhat com (Elliot Lee)
Date: Wed, 3 Dec 1997 01:11:52 -0500


On Mon, 1 Dec 1997, Aaron Campbell wrote:

> Thanks to Jason Parsons <root () saffroncs com> for pointing this one out:
> [telnet bug snipped]
> Segmentation fault (core dumped)
> [fx@somehost fx]$ ls -l core
> -rw-------   1 fx       nnh        315392 Dec  1 21:51 core
> [fx@somehost fx]$
>
> That's 256 characters up there, BTW. Also, note we're setting the DISPLAY
> variable this time, not TERM.

On Red Hat Linux 5.0, which uses glibc and a newer netkit, if I follow the
above procedure and telnet to either localhost, a Solaris box, or a 4.2
box, it just hangs when I telnet with the long $DISPLAY, and I tire of
waiting and kill the telnet client.

If I telnet from a RHL 4.2 box to anything, it does the segfault. This
seems to indicate that there is a buffer overflow in old(er) versions of
the telnet client.

No joy,
-- Elliot                       Seen on comp.os.linux.development.system:
"I WOULD LIKE TO INSERT SOME SYSTEM CALL IN LINUX.  BUT I DON'T KNOW WHERE
IS THE KERNEL SOURCE AND HOW TO COMPILE THE KERNEL PLEASE HELP ME!
FROM censored -MY EMAIL DOESN'T WORK."
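Editor's added illustration of the bug class the thread describes: a telnet client that forwards an environment variable such as DISPLAY and copies it into a fixed-size buffer without a length check. This is not netkit's code and the page does not show the real code path; the 256-byte buffer size, the function names and the all-'A' test value are assumptions chosen to match the 256-character trigger reported above. The unbounded copy is shown beside a bounded replacement that refuses values which would not fit with their terminator.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed buffer size: matches the 256-character DISPLAY value that
 * triggered the reported segfault. Not taken from netkit. */
#define ENVBUF 256

/* Vulnerable pattern (hypothetical, not netkit's code): the variable is
 * copied with no length check. A 256-character value writes its NUL one
 * byte past the end of a 256-byte buffer; longer values overwrite
 * whatever lies beyond it on the stack, which is how a core dump
 * rather than a clean error shows up. Shown for contrast, not called. */
void copy_env_unbounded(char dst[ENVBUF], const char *value) {
    strcpy(dst, value);
}

/* Hardened replacement: refuse any value that does not fit together
 * with its terminator. Returns 0 on success, -1 if rejected. */
int copy_env_bounded(char dst[ENVBUF], const char *value) {
    size_t n = strlen(value);
    if (n >= ENVBUF)
        return -1;
    memcpy(dst, value, n + 1);
    return 0;
}

/* Helper: build a constructed DISPLAY value of `len` 'A' characters and
 * report what the bounded copy does with it (0 accepted, -1 rejected,
 * -2 if the requested length exceeds the scratch buffer). */
int bounded_accepts(size_t len) {
    char value[4096];
    char dst[ENVBUF];
    if (len >= sizeof value)
        return -2;
    memset(value, 'A', len);
    value[len] = '\0';
    return copy_env_bounded(dst, value);
}

/* Stand-alone use: read DISPLAY from the real environment, as a telnet
 * client would before offering it to the server, and refuse oversized
 * values instead of overflowing. */
int main(void) {
    const char *display = getenv("DISPLAY");
    char buf[ENVBUF];
    if (display == NULL)
        display = "";
    if (copy_env_bounded(buf, display) != 0) {
        fprintf(stderr, "DISPLAY too long (%zu chars), not sending\n",
                strlen(display));
        return 1;
    }
    printf("DISPLAY=%s\n", buf);
    return 0;
}
```

Run it with a long value, e.g. `DISPLAY=$(printf 'A%.0s' $(seq 256)) ./a.out`, and the bounded version exits with an error where the unbounded copy would have written past the buffer. The exact behaviour of the original netkit client (segfault on one version, hang on another, as described above) depends on what sits next to its buffer, which this illustration does not reproduce.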
