[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [BUG][PATCH] Someone described a remote DoS Vulnerability in telnetd
From: |
Simon Josefsson |
Subject: |
Re: [BUG][PATCH] Someone described a remote DoS Vulnerability in telnetd (dereference NULL pointer ---> SEGV) |
Date: |
Thu, 08 Sep 2022 16:54:49 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
Guillem Jover <guillem@hadrons.org> writes:
> [ Resending with To trimmed. ]
>
> Hi!
>
> On Tue, 2022-08-30 at 22:57:51 +0200, Guillem Jover wrote:
>> On Sun, 2022-08-28 at 14:40:44 +0200, Erik Auerswald wrote:
>> > On Sat, Aug 27, 2022 at 07:37:15PM +0200, Erik Auerswald wrote:
>> > > someone has described a remote DoS vulnerability in
>> > > many telnetd implementations that I just happened to
>> > > stumble over:
>> > >
>> > > https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
>> > >
>> > > The vulnerability is a NULL pointer dereference when
>> > > reading either of two two byte sequences:
>> > >
>> > > 1: 0xff 0xf7
>> > > 2: 0xff 0xf8
>> > >
>> > > The blog shows GNU Inetutils' telnetd as vulnerable:
>> > >
>> > > https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html#remote-dos-inetutils
>>
>> This has been assigned CVE-2022-39028 (I think from the Debian pool),
>> after I reported it to the Debian security team.
>
> While it might have been nice to get this in the commit message, I
> think it would still be nice to add a reference in the NEWS. :)
Added, thank you.
https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=6c3c6acaf352151c6155a8cd78fe490148d0e22a
/Simon
signature.asc
Description: PGP signature