Bugtraq mailing list archives
Re: SNI-20: Telnetd tgetent vulnerability
From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Tue, 21 Oct 1997 19:58:42 -0600
A vulnerability in the tgetent(3) library routine can result in a buffer overflow in the telnet daemon on some BSD derived systems.
This same problem appears to be exploitable as a localhost attack against the program xterm. This is setuid root on a lot of systems, and if tgetent(3) has the overflow problems, the same problem can be exploited there. On BSD systems, it is likely this could also have been exploited in systat(8) to gain gid kmem permissions. I've not confirmed these problems... I don't write shell code, I just fix the bugs ;-)