02805ed17d
Correct a pair of buffer overflows in the telnet(1) command: (CAN-2005-0468) A heap buffer overflow in env_opt_add() and related functions. (CAN-2005-0469) A global uninitialized data section buffer overflow in slc_add_reply() and related functions. As a result of these vulnerabilities, it may be possible for a malicious telnet server or active network attacker to cause telnet(1) to execute arbitrary code with the privileges of the user running it. Security: CAN-2005-0468, CAN-2005-0469 Security: FreeBSD-SA-05:01.telnet Security: http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities Security: http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities These fixes are based in part on patches Submitted by: Solar Designer <solar@openwall.com> git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14693 ec53bebd-3082-4978-b11e-865c3cabbd6b
$Id$ Heimdal is a Kerberos 5 implementation. Please see the manual in doc, by default installed in /usr/heimdal/info/heimdal.info for information on how to install. There are also briefer man pages for most of the commands. Bug reports and bugs are appreciated, see more under Bug reports in the manual on how we prefer them. For more information see the web-page at <http://www.pdc.kth.se/heimdal/> or the mailing lists: heimdal-announce@sics.se low-volume announcement heimdal-discuss@sics.se high-volume discussion send a mail to heimdal-announce-request@sics.se and heimdal-discuss-request@sics.se respectively to subscribe.