Telnetd key processing buffer overflow vulnerability: scanning principle

Detailed Description
The telnet daemon, telnetd, implements the server side of the TELNET virtual terminal protocol.
The telnetd implementation contains a buffer overflow vulnerability that a remote attacker could exploit to take control of the server.
The TELNET protocol supports an encryption mechanism for its data stream. When an encryption key is supplied through the TELNET protocol, its length is not verified before the key is copied into a fixed-size buffer. The flawed code is in the function "encrypt_keyid()" (crypto/heimdal/appl/telnet/libtelnet/encrypt.c and contrib/telnet/libtelnet/encrypt.c).
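The missing check, shown as an added C sketch that is not the telnetd source: `struct key_slot`, `KEYID_MAX` (64 here), the guard field and both function names are assumptions made for illustration. Only the pattern, a peer-supplied length used to copy into a fixed-size buffer, comes from the description above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEYID_MAX 64                /* assumed buffer size for this sketch */

struct key_slot {                   /* hypothetical stand-in for the daemon's key state */
    unsigned char keyid[KEYID_MAX];
    size_t keylen;
    unsigned char guard[8];         /* canary after keyid so a test can spot an overrun */
};

/* Flawed pattern from the description: len comes from the peer and is used
 * for the copy without being compared to sizeof(keyid). */
void store_keyid_unchecked(struct key_slot *s, const unsigned char *keyid, size_t len)
{
    s->keylen = len;
    memcpy(s->keyid, keyid, len);   /* writes past keyid when len > KEYID_MAX */
}

/* Hardened form: validate the peer-supplied length before touching the buffer.
 * Returns 0 when the key was stored, -1 when the request was refused. */
int store_keyid_checked(struct key_slot *s, const unsigned char *keyid, size_t len)
{
    if (s == NULL || (keyid == NULL && len != 0))
        return -1;
    if (len > sizeof(s->keyid)) {   /* refuse; do not truncate silently */
        s->keylen = 0;
        return -1;
    }
    if (len != 0)
        memcpy(s->keyid, keyid, len);
    s->keylen = len;
    return 0;
}

int main(void)
{
    struct key_slot s = {0};
    unsigned char big[KEYID_MAX + 32];  /* constructed oversized input */
    memset(big, 0x41, sizeof big);
    printf("oversized key: %d\n", store_keyid_checked(&s, big, sizeof big));
    printf("maximum-size key: %d\n", store_keyid_checked(&s, big, KEYID_MAX));
    return 0;
}
```

Refusing the oversized key outright, rather than truncating it, keeps the stored key identical to what the peer sent or leaves no key at all.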
Solution
Vendor patches:
FreeBSD
-------
The vendor has released an updated patch that fixes this security issue; download it from the vendor's home page:
http://www.freebsd.org/security/index.html
REDHAT
Name: RHSA-2011:1854
Hyperlink:http://rhn.redhat.com/errata/RHSA-2011-1854.html
External Source: REDHAT
Name: RHSA-2011:1853
Hyperlink:http://rhn.redhat.com/errata/RHSA-2011-1853.html
External Source: REDHAT
Name: RHSA-2011:1852
Hyperlink:http://rhn.redhat.com/errata/RHSA-2011-1852.html
External Source: REDHAT
Name: RHSA-2011:1851
Hyperlink:http://rhn.redhat.com/errata/RHSA-2011-1851.html
DEBIAN
External Source: DEBIAN
Name: DSA-2375
Hyperlink:http://www.debian.org/security/2011/dsa-2375
External Source: DEBIAN
Name: DSA-2373
Hyperlink:http://www.debian.org/security/2011/dsa-2373
External Source: DEBIAN
Name: DSA-2372
Hyperlink:http://www.debian.org/security/2011/dsa-2372
SUSE:
External Source: SUSE
Name: SUSE-SU-2012:0056
Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html
External Source: SUSE
Name: openSUSE-SU-2012:0051
Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
External Source: SUSE
Name: SUSE-SU-2012:0050
Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
External Source: SUSE
Name: SUSE-SU-2012:0042
Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
External Source: SUSE
Name: SUSE-SU-2012:0024
Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html
External Source: SUSE
Name: openSUSE-SU-2012:0019
Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
External Source: SUSE
Name: SUSE-SU-2012:0018
Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
External Source: SUSE
Name: SUSE-SU-2012:0010
Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
FEDORA:
External Source: FEDORA
Name: FEDORA-2011-17493
Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html
External Source: FEDORA
Name: FEDORA-2011-17492
Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html

Origin www.cnblogs.com/mrhonest/p/10967371.html