1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-29 12:03:03 +00:00
freebsd/contrib
Jacques Vidrine 14aab889f4 Correct a pair of buffer overflows in the telnet(1) command:
(CAN-2005-0468) A heap buffer overflow in env_opt_add() and related
 functions.

 (CAN-2005-0469) A global uninitialized data section buffer overflow in
 slc_add_reply() and related functions.

As a result of these vulnerabilities, it may be possible for a malicious
telnet server or active network attacker to cause telnet(1) to execute
arbitrary code with the privileges of the user running it.

Security: CAN-2005-0468, CAN-2005-0469
Security: FreeBSD-SA-05:01.telnet
Security: http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
Security: http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities

These fixes are based in part on patches
Submitted by:	Solar Designer <solar@openwall.com>
2005-03-28 14:45:12 +00:00
..
amd Expand *n't contractions. 2005-02-13 22:25:33 +00:00
bc Remove files no longer needed 2004-02-17 01:04:18 +00:00
bind9 Expand and refine a few sections for future reference 2005-03-17 08:40:41 +00:00
binutils This commit was generated by cvs2svn to compensate for changes in r131722, 2004-07-06 19:16:23 +00:00
bsnmp Don't extract the .gdbinit file from the distribution. 2005-02-28 17:29:10 +00:00
bzip2
com_err Resolve conflicts after import of Heimdal 0.6.1 libcom_err. 2004-04-03 21:17:01 +00:00
cpio Recognize and skip 'x' and 'g' pax extension entries. In particular, 2004-08-28 03:13:05 +00:00
cvs Do not check val-tags if the repository is read-only. 2004-08-05 17:47:35 +00:00
diff Remove files no longer needed 2004-02-16 22:56:36 +00:00
expat Virgin import (trimmed) of eXpat version 1.95.5 2002-10-02 07:16:04 +00:00
file This commit was generated by cvs2svn to compensate for changes in r139368, 2004-12-28 04:31:47 +00:00
gcc Break lines at sentence ends, etc... 2004-11-11 07:50:09 +00:00
gdb Abstract the handling of dirty stacked registers in ia64_read_reg() and 2004-09-05 06:17:25 +00:00
gdtoa Configure gdtoa so that floating-point numbers are correctly rounded 2005-01-18 18:56:18 +00:00
gnu-sort Correct va_end usage. 2004-08-27 03:52:29 +00:00
gperf Remove unneded files 2004-02-17 01:51:07 +00:00
groff MFV: Latest mdoc(7) fixes. 2005-01-25 09:32:56 +00:00
ipfilter Committ changes from 3.4.31 -> 3.4.35 2004-06-21 22:53:03 +00:00
isc-dhcp Make 'client DNS forward update' working again which got broken in rev. 2004-08-16 22:35:56 +00:00
less Merge vendor changes onto mainline. 2004-04-17 07:24:09 +00:00
libbegemot Vendor import of harti's begemot library. 2004-09-24 21:48:46 +00:00
libf2c Remove files that are not part of GCC 3.4.x from the vendor branch. 2004-08-12 16:41:42 +00:00
libobjc Gcc 3.4.2 20040728 Objective C support bits. 2004-07-28 03:12:12 +00:00
libpcap pcap clients should use strlcpy() from the base system libc by default also. 2004-03-31 18:15:37 +00:00
libreadline Fix some more files that got butchered to appear to be back on the 2004-10-21 20:10:14 +00:00
libstdc++ Remove files that are not part of GCC 3.4.x from the vendor branch. 2004-08-12 16:41:42 +00:00
lukemftp This commit was generated by cvs2svn to compensate for changes in r142129, 2005-02-20 17:33:34 +00:00
lukemftpd NetBSD has updated their groff to a version that handles .Nm the same 2004-08-18 06:41:13 +00:00
ncurses This commit was generated by cvs2svn to compensate for changes in r104977, 2002-10-12 10:22:52 +00:00
netcat Undo the VCS tag move to reduce diff hunks. 2005-02-07 05:34:35 +00:00
ngatm This commit was generated by cvs2svn to compensate for changes in r135923, 2004-09-29 06:22:38 +00:00
ntp This commit was generated by cvs2svn to compensate for changes in r138451, 2004-12-06 14:33:29 +00:00
nvi Remove ru_SU, we don't need it in favour to ru_RU 2003-06-23 13:21:15 +00:00
one-true-awk Update for the 2004/02/07 import. 2004-02-08 21:39:18 +00:00
openpam Vendor import of OpenPAM Feterita. 2005-02-01 10:16:17 +00:00
opie FreeBSD does not use this code, but ftpd_popen() contains a buffer overflow. 2003-07-13 05:59:50 +00:00
pam_modules/pam_passwdqc
pf - remove OpenBSDisms, add FreeBSDisms 2005-02-23 17:37:39 +00:00
pnpinfo Move cvs id from comment to code. Use errx(). Add a return (0) at the end 2004-01-04 11:11:02 +00:00
sendmail Merge mci.c change to add mci_close() from the vendor branch. 2005-02-14 08:04:08 +00:00
smbfs + Get prototypes for libc functions. 2004-10-19 17:44:31 +00:00
tar Add */lib/getopt* I miss somehow initially. 2004-02-18 18:53:13 +00:00
tcp_wrappers Correct compilation with "#define really_paranoid". 2003-12-27 14:58:00 +00:00
tcpdump Fix NULL pointer dereference bug when parsing IPV6CP traffic. 2005-01-24 14:56:48 +00:00
tcsh Add the nls/*/charset files to the exclude list. These files are not needed 2004-07-11 02:20:52 +00:00
telnet Correct a pair of buffer overflows in the telnet(1) command: 2005-03-28 14:45:12 +00:00
texinfo Remove unneded files 2004-02-17 02:09:53 +00:00
top Correct macro usage. 2005-03-13 13:37:02 +00:00
traceroute Remove an empty default: case to please GCC 3.4.2. 2004-07-28 14:21:25 +00:00