Buffer Overflow in telnetd CERT CA-2001-21

bridged with qdn.public.news
Post Reply
Operating System for Tech

Buffer Overflow in telnetd CERT CA-2001-21

Post by Operating System for Tech » Wed Aug 15, 2001 3:54 pm

New versions of telnetd with a fix for

CERT CA-2001-21 Buffer Overflow in telnetd

can be found at http://developers.qnx.com/Fixes/Software/telnetd_CERT

There is a QNX4 version for a shared (TCP/IP 4.25) socket library and
a static (TCP/IP 5.0) socket library.

There are also RTP 6.1 versions for multiple platforms.

Richard R. Kramer

Re: Buffer Overflow in telnetd CERT CA-2001-21

Post by Richard R. Kramer » Wed Aug 15, 2001 11:17 pm

I think there's a boo-boo with the QNX4 static version for use
with Tcprt 5.0. Attempts to use it produce an exec format error.
cksum is 1565679915 70640

Richard

Operating System for Tech Supp wrote:
New versions of telnetd with a fix for

CERT CA-2001-21 Buffer Overflow in telnetd

can be found at http://developers.qnx.com/Fixes/Software/telnetd_CERT

There is a QNX4 version for a shared (TCP/IP 4.25) socket library and
a static (TCP/IP 5.0) socket library.

There are also RTP 6.1 versions for multiple platforms.

Operating System for Tech

Re: Buffer Overflow in telnetd CERT CA-2001-21

Post by Operating System for Tech » Thu Aug 16, 2001 3:11 pm

The cksum should be 3243154806 70412 telnetd.QNX4.static

Downloading though Voyager produces the correct cksum. If you try downloading
telnetd.QNX4.shared the cksum should be 4020648631 62387. Is this the case?
Voyager did think it was a text file, a right click on the link was
necessary to download properly. This will be corrected. Mayby the browser
was getting the file format wrong.


Richard R. Kramer <rrkramer@kramer-smilko.com> wrote:
I think there's a boo-boo with the QNX4 static version for use
with Tcprt 5.0. Attempts to use it produce an exec format error.
cksum is 1565679915 70640

Richard

Operating System for Tech Supp wrote:

New versions of telnetd with a fix for

CERT CA-2001-21 Buffer Overflow in telnetd

can be found at http://developers.qnx.com/Fixes/Software/telnetd_CERT

There is a QNX4 version for a shared (TCP/IP 4.25) socket library and
a static (TCP/IP 5.0) socket library.

There are also RTP 6.1 versions for multiple platforms.

Richard R. Kramer

Re: Buffer Overflow in telnetd CERT CA-2001-21

Post by Richard R. Kramer » Thu Aug 16, 2001 11:15 pm

OK - Netscape messes it up - Opera gets it right. It would be
handy to post cksums like you used to on Quics, and/or make
these files accessible via ftp.

.... and while I'm making suggestions, what would be _very_ handy
would be to list file times when browsing usr/free.

Richard

Operating System for Tech Supp wrote:
The cksum should be 3243154806 70412 telnetd.QNX4.static

Downloading though Voyager produces the correct cksum. If you try downloading
telnetd.QNX4.shared the cksum should be 4020648631 62387. Is this the case?
Voyager did think it was a text file, a right click on the link was
necessary to download properly. This will be corrected. Mayby the browser
was getting the file format wrong.

Richard R. Kramer <rrkramer@kramer-smilko.com> wrote:
I think there's a boo-boo with the QNX4 static version for use
with Tcprt 5.0. Attempts to use it produce an exec format error.
cksum is 1565679915 70640

Richard

Operating System for Tech Supp wrote:

New versions of telnetd with a fix for

CERT CA-2001-21 Buffer Overflow in telnetd

can be found at http://developers.qnx.com/Fixes/Software/telnetd_CERT

There is a QNX4 version for a shared (TCP/IP 4.25) socket library and
a static (TCP/IP 5.0) socket library.

There are also RTP 6.1 versions for multiple platforms.

Post Reply

Return to “qdn.public.news”