freebsd-skq/contrib/telnet
Jacques Vidrine 14aab889f4 Correct a pair of buffer overflows in the telnet(1) command:
(CAN-2005-0468) A heap buffer overflow in env_opt_add() and related
 functions.

 (CAN-2005-0469) A global uninitialized data section buffer overflow in
 slc_add_reply() and related functions.

As a result of these vulnerabilities, it may be possible for a malicious
telnet server or active network attacker to cause telnet(1) to execute
arbitrary code with the privileges of the user running it.

Security: CAN-2005-0468, CAN-2005-0469
Security: FreeBSD-SA-05:01.telnet
Security: http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
Security: http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities

These fixes are based in part on patches
Submitted by:	Solar Designer <solar@openwall.com>
2005-03-28 14:45:12 +00:00
..
arpa add more RFC defined telnet options 2003-01-18 06:10:21 +00:00
libtelnet Use __FBSDID vs. rcsid[]. Also protect sccs[] and copyright[] from GCC 3.3. 2003-05-04 02:54:49 +00:00
telnet Correct a pair of buffer overflows in the telnet(1) command: 2005-03-28 14:45:12 +00:00
telnetd - Soften sentence breaks. 2005-01-21 21:57:05 +00:00