Bugtraq mailing list archives
Re: SNI-20: Telnetd tgetent vulnerability
From: aleph1 () DFW NET (Aleph One)
Date: Wed, 22 Oct 1997 16:10:49 -0500
---------- Forwarded message ---------- Date: Wed, 22 Oct 1997 13:37:22 -0400 (EDT) From: David Holland <dholland () eecs harvard edu> To: linux-security () redhat com Subject: [linux-security] Re: SNI-20: Telnetd tgetent vulnerability
[mod: Executive summary: SNI found recent linux-distributions not-vulnerable -- REW]
Well, it looks a little more complicated than that. If your telnetd is linked against GNU termcap (as opposed to ncurses), it seems that there *is* a vulnerability; it looks like GNU termcap doesn't check for overflow of the initial name portion of the terminal type. ncurses doesn't touch the buffer in question at all. -- - David A. Holland | VINO project home page: dholland () eecs harvard edu | http://www.eecs.harvard.edu/vino -- ---------------------------------------------------------------------- Please refere to the information about this list as well as general information about Linux security at http://www.aoy.com/Linux/Security. ---------------------------------------------------------------------- To unsubscribe: mail -s unsubscribe test-list-request () redhat com < /dev/null
Current thread:
- Re: SNI-20: Telnetd tgetent vulnerability Aleph One (Oct 22)