Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 12 Dec 2018 22:13:11 -0800
From: Tavis Ormandy <>
Subject: Re: Multiple telnet.c overflows

On Wed, Dec 12, 2018 at 5:21 PM Hacker Fantastic
<> wrote:
> Please see the below proof of concept in triggering the heap overflow using the IAC SB TELQUAL_IS environment option variable assignment. As per my original advisory, which did not fully indicate the details but gave the overview of how to trigger the condition.

Cool, but I think this is a different bug (AFAICT, it's CVE-2005-0469,
it was fixed in netkit, but far fewer distros use inetutils). I agree
this was a real vulnerability, It's a pretty good sign inetutils
should be deprecated imho.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.