freebsd-dev/contrib
Jacques Vidrine 14aab889f4 Correct a pair of buffer overflows in the telnet(1) command:
(CAN-2005-0468) A heap buffer overflow in env_opt_add() and related
 functions.

 (CAN-2005-0469) A global uninitialized data section buffer overflow in
 slc_add_reply() and related functions.

As a result of these vulnerabilities, it may be possible for a malicious
telnet server or active network attacker to cause telnet(1) to execute
arbitrary code with the privileges of the user running it.

Security: CAN-2005-0468, CAN-2005-0469
Security: FreeBSD-SA-05:01.telnet
Security: http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
Security: http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities

These fixes are based in part on patches
Submitted by:	Solar Designer <solar@openwall.com>
2005-03-28 14:45:12 +00:00
..
amd Expand *n't contractions. 2005-02-13 22:25:33 +00:00
bc
bind9 Expand and refine a few sections for future reference 2005-03-17 08:40:41 +00:00
binutils
bsnmp Don't extract the .gdbinit file from the distribution. 2005-02-28 17:29:10 +00:00
bzip2
com_err
cpio
cvs
diff
expat
file This commit was generated by cvs2svn to compensate for changes in r139368, 2004-12-28 04:31:47 +00:00
gcc
gdb
gdtoa Configure gdtoa so that floating-point numbers are correctly rounded 2005-01-18 18:56:18 +00:00
gnu-sort
gperf
groff MFV: Latest mdoc(7) fixes. 2005-01-25 09:32:56 +00:00
ipfilter
isc-dhcp
less
libbegemot
libf2c
libobjc
libpcap
libreadline
libstdc++
lukemftp This commit was generated by cvs2svn to compensate for changes in r142129, 2005-02-20 17:33:34 +00:00
lukemftpd
ncurses
netcat Undo the VCS tag move to reduce diff hunks. 2005-02-07 05:34:35 +00:00
ngatm
ntp
nvi
one-true-awk
openpam Vendor import of OpenPAM Feterita. 2005-02-01 10:16:17 +00:00
opie
pam_modules/pam_passwdqc
pf - remove OpenBSDisms, add FreeBSDisms 2005-02-23 17:37:39 +00:00
pnpinfo
sendmail Merge mci.c change to add mci_close() from the vendor branch. 2005-02-14 08:04:08 +00:00
smbfs
tar
tcp_wrappers
tcpdump Fix NULL pointer dereference bug when parsing IPV6CP traffic. 2005-01-24 14:56:48 +00:00
tcsh
telnet Correct a pair of buffer overflows in the telnet(1) command: 2005-03-28 14:45:12 +00:00
texinfo
top Correct macro usage. 2005-03-13 13:37:02 +00:00
traceroute