[5728] in bugtraq
Re: More telnet Daemon Fun
daemon@ATHENA.MIT.EDU (Elliot Lee)
Wed Dec 3 02:24:40 1997
Date: Wed, 3 Dec 1997 01:11:52 -0500
Reply-To: Elliot Lee <sopwith@redhat.com>
From: Elliot Lee <sopwith@REDHAT.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.GSO.3.96.971201214911.27428A-100000@ug>
On Mon, 1 Dec 1997, Aaron Campbell wrote:
> Thanks to Jason Parsons <root@saffroncs.com> for pointing this one out:
[telnet bug snipped]
> Segmentation fault (core dumped)
> [fx@somehost fx]$ ls -l core
> -rw------- 1 fx nnh 315392 Dec 1 21:51 core
> [fx@somehost fx]$
>
> That's 256 characters up there, BTW. Also, note we're setting the DISPLAY
> variable this time, not TERM.
On Red Hat Linux 5.0, which uses glibc and a newer netkit, if I follow the
above procedure and telnet to either localhost, a Solaris box, or a 4.2
box, it just hangs when I telnet with the long $DISPLAY, and I tire of
waiting and kill the telnet client.
If I telnet from a RHL 4.2 box to anything, it does the segfault. This
seems to indicate that there is a buffer overflow in old(er) versions of
the telnet client.
No joy,
-- Elliot
Seen on comp.os.linux.development.system:
"I WOULD LIKE TO INSERT SOME SYSTEM CALL IN LINUX. BUT I DON'T KNOW WHERE
IS THE KERNEL SOURCE AND HOW TO COMPILE THE KERNEL PLEASE HELP ME!
FROM censored -MY EMAIL DOESN'T WORK."
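The behaviour reported above (a long $DISPLAY crashing an older client) is consistent with the usual pattern of an environment value being copied into a fixed-size buffer with no length check. The C program below is added here as an illustration and is not taken from the netkit telnet source; the page does not show the affected code, and the 256-byte buffer size, the function names and the error handling are assumptions chosen for the example. It places the unchecked copy beside a checked version that rejects any value that does not fit, including the terminating NUL, instead of silently truncating it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed buffer size for the illustration; not taken from the page. */
#define DISPLAY_BUF 256

/* Unchecked pattern: copies whatever DISPLAY holds into a fixed buffer.
 * A value of DISPLAY_BUF bytes or longer writes past the end of dst, which
 * is undefined behaviour and shows up as a crash or a hang depending on the
 * C library and what lies beyond the buffer. Shown only for contrast. */
void copy_display_unchecked(const char *value, char dst[DISPLAY_BUF])
{
    strcpy(dst, value);
}

/* Hardened pattern: only copy when the whole value, plus its NUL, fits in
 * dstlen bytes. Returns 0 on success and -1 when the value is missing or
 * too long; the caller then treats DISPLAY as unset. */
int copy_display_checked(const char *value, char *dst, size_t dstlen)
{
    if (value == NULL || dst == NULL || dstlen == 0)
        return -1;

    /* Look for the terminator within the first dstlen bytes only, so an
     * overlong value is never scanned or copied beyond what dst can hold. */
    const char *end = memchr(value, '\0', dstlen);
    if (end == NULL)
        return -1;                       /* no NUL within dstlen: too long */

    memcpy(dst, value, (size_t)(end - value) + 1);  /* includes the NUL */
    return 0;
}

/* Convenience wrapper: read DISPLAY from the environment into a
 * caller-supplied buffer using the checked copy. */
int read_display_env(char *dst, size_t dstlen)
{
    return copy_display_checked(getenv("DISPLAY"), dst, dstlen);
}

int main(void)
{
    char buf[DISPLAY_BUF];

    if (read_display_env(buf, sizeof buf) == 0)
        printf("DISPLAY=%s\n", buf);
    else
        fprintf(stderr, "DISPLAY unset or longer than %d bytes; ignoring it\n",
                DISPLAY_BUF - 1);
    return 0;
}
```

The checked version bounds the scan with memchr rather than calling strlen on the untrusted value first, so an environment string of any length costs at most dstlen bytes of reading; rejecting rather than truncating keeps a shortened display name from being passed on to later code as if it were valid.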