Little problem with /bin/telnet (fwd)
<please, excuse me for my poor English>

Hi,

I've found a bug in /bin/telnet that arrives with suse 7.1 and 7. I don't know if this bug has been already reported, but other distributions seem to be vulnerable too. Let me give you an example:

---
bash-2.04$ DISPLAY=`perl -e 'print "a"x1200'`
bash-2.04$ telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Segmentation fault
bash-2.04$
---

Telnet gives me seg fault when it checks the environment $DISPLAY.

Bye.

On Tue, 26 Jun 2001, Fox wrote:
> I've found a bug in /bin/telnet that arrives with suse 7.1 and 7. I don't know if this bug has been already reported, but other distributions seem to be vulnerable too. Let me give you an example:
>
> bash-2.04$ DISPLAY=`perl -e 'print "a"x1200'`
> bash-2.04$ telnet localhost
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> Segmentation fault
>
> Telnet gives me seg fault when it checks the environment $DISPLAY.

Well, you're setting the DISPLAY option for your own telnet, which is not setuid/setgid root, and not for somebody else's telnet, so where's the /security/ problem? You could just as well set PATH to 1200 "a"s, rehash and then wonder why commands are no longer found.

participants (2)
- Fox
- Matthias Andree
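
An added example, not part of the thread and not telnet's source: it assumes the crash comes from an unchecked copy of $DISPLAY into a fixed-size buffer, and shows a bounded copy next to the setuid/setgid check the reply turns on. The names `copy_env_bounded`, `env_crosses_privilege_boundary` and `DISPLAY_MAX` are hypothetical.

```c
/* Added example, not telnet source. Assumption: the segfault is caused by
 * an unchecked copy of $DISPLAY into a fixed-size buffer. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define DISPLAY_MAX 256 /* hypothetical buffer size */

/* Copy an environment value into dst. Overlong values are rejected rather
 * than overflowing or being silently truncated.
 * Returns 0 on success, -1 if the value is missing or does not fit. */
int copy_env_bounded(const char *value, char *dst, size_t dstlen)
{
    size_t n;

    if (value == NULL || dst == NULL || dstlen == 0)
        return -1;
    n = strlen(value);
    if (n >= dstlen) /* no room for the terminating NUL */
        return -1;
    memcpy(dst, value, n + 1);
    return 0;
}

/* Nonzero when the process holds more privilege than its invoker
 * (setuid/setgid binary). Only then is the invoker's environment input
 * that crosses a trust boundary, which is the reply's point. */
int env_crosses_privilege_boundary(void)
{
    return geteuid() != getuid() || getegid() != getgid();
}

int main(void)
{
    char display[DISPLAY_MAX];
    const char *raw = getenv("DISPLAY");

    if (env_crosses_privilege_boundary())
        fprintf(stderr, "setuid/setgid: environment is untrusted input\n");
    if (raw != NULL && copy_env_bounded(raw, display, sizeof display) != 0) {
        fprintf(stderr, "DISPLAY too long (%zu bytes), ignoring\n", strlen(raw));
        return 1;
    }
    printf("DISPLAY=%s\n", raw != NULL ? display : "(unset)");
    return 0;
}
```

Run with the 1200-character DISPLAY from the report, this exits with an error message instead of a segmentation fault.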