diff options
author | Guillem Jover <guillem@hadrons.org> | 2011-12-28 02:34:19 +0100 |
---|---|---|
committer | Guillem Jover <guillem@hadrons.org> | 2011-12-28 02:34:19 +0100 |
commit | 324bb3e1d005050a148c28220a2a3e1bb334f61e (patch) | |
tree | 1ee0b7013046ae8d36f4fccfc5d3cb262ad04154 /debian/patches/99_CVE-2011-4862.patch | |
parent | 04304bf6ae778c9b140c33044afe7eb1043719bc (diff) | |
download | inetutils-324bb3e1d005050a148c28220a2a3e1bb334f61e.tar.gz |
Fix buffer overflow in telnetd
Allowing remote attackers to execute arbitrary code via a long
encryption key. Patch taken from FreeBSD. CVE-2011-4862
Diffstat (limited to 'debian/patches/99_CVE-2011-4862.patch')
-rw-r--r-- | debian/patches/99_CVE-2011-4862.patch | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/debian/patches/99_CVE-2011-4862.patch b/debian/patches/99_CVE-2011-4862.patch new file mode 100644 index 0000000..4bb677e --- /dev/null +++ b/debian/patches/99_CVE-2011-4862.patch @@ -0,0 +1,14 @@ +Index: git/libtelnet/encrypt.c +=================================================================== +--- git.orig/libtelnet/encrypt.c 2011-12-25 16:51:52.000000000 +0100 ++++ git/libtelnet/encrypt.c 2011-12-25 16:58:22.441175233 +0100 +@@ -794,6 +794,9 @@ + int dir = kp->dir; + register int ret = 0; + ++ if (len > MAXKEYLEN) ++ len = MAXKEYLEN; ++ + if (!(ep = (*kp->getcrypt) (*kp->modep))) + { + if (len == 0) |