Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 114843 Details for
Bug 171889
app-crypt/mit-krb5 Multiple issues CVE-2007-{095{6|7}|1216}
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
The first patch to fix telnetd
mit-krb5-SA-2007-001-telnetd.patch (text/plain), 2.04 KB, created by
Seemant Kulleen (RETIRED)
on 2007-03-29 01:54:07 UTC
(
hide
)
Description:
The first patch to fix telnetd
Filename:
MIME Type:
Creator:
Seemant Kulleen (RETIRED)
Created:
2007-03-29 01:54:07 UTC
Size:
2.04 KB
patch
obsolete
>diff -urN krb5-1.5.2.orig/src/appl/telnet/telnetd/state.c krb5-1.5.2/src/appl/telnet/telnetd/state.c >--- krb5-1.5.2.orig/src/appl/telnet/telnetd/state.c 2006-06-15 18:42:53.000000000 -0400 >+++ krb5-1.5.2/src/appl/telnet/telnetd/state.c 2007-03-28 18:05:19.000000000 -0400 >@@ -1665,7 +1665,8 @@ > strcmp(varp, "RESOLV_HOST_CONF") && /* linux */ > strcmp(varp, "NLSPATH") && /* locale stuff */ > strncmp(varp, "LC_", strlen("LC_")) && /* locale stuff */ >- strcmp(varp, "IFS")) { >+ strcmp(varp, "IFS") && >+ !strchr(varp, '-')) { > return 1; > } else { > syslog(LOG_INFO, "Rejected the attempt to modify the environment variable \"%s\"", varp); >diff -urN krb5-1.5.2.orig/src/appl/telnet/telnetd/sys_term.c krb5-1.5.2/src/appl/telnet/telnetd/sys_term.c >--- krb5-1.5.2.orig/src/appl/telnet/telnetd/sys_term.c 2002-11-15 15:21:51.000000000 -0500 >+++ krb5-1.5.2/src/appl/telnet/telnetd/sys_term.c 2007-03-28 18:10:59.000000000 -0400 >@@ -1287,6 +1287,16 @@ > #endif > #if defined (AUTHENTICATION) > if (auth_level >= 0 && autologin == AUTH_VALID) { >+ if (name[0] == '-') { >+ /* Authenticated and authorized to log in to an account >+ * starting with '-'? Even if that unlikely case comes >+ * to pass, the current program will not patse the >+ * resulting command line properly. >+ */ >+ syslog(LOG_ERR, "user name can not start with '-'"); >+ fatal(net, "user name can not start with '-'"); >+ exit(1); >+ } > # if !defined(NO_LOGIN_F) > #if defined(LOGIN_CAP_F) > argv = addarg(argv, "-F"); >@@ -1377,12 +1387,20 @@ > } else > #endif > if (getenv("USER")) { >- argv = addarg(argv, getenv("USER")); >+ char *user = getenv("USER"); >+ if (user[0] == '-') { >+ /* "telnet -l-x ..." */ >+ syslog(LOG_ERR, "user name cannot start with '-'"); >+ fatal(net, "user name cannot start with '-'"); >+ exit(1); >+ } >+ argv = addarg(argv, user); > #if defined(LOGIN_ARGS) && defined(NO_LOGIN_P) > { > register char **cpp; > for (cpp = environ; *cpp; cpp++) >- argv = addarg(argv, *cpp); >+ if ((*cpp[0] != '-') >+ argv = addarg(argv, *cpp); > } > #endif > /*
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=114843">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 171889
:
114842
| 114843 |
114844
|
114845
