svn rev #19396: trunk/ src/appl/telnet/telnetd/
tlyu@MIT.EDU
tlyu at MIT.EDU
Tue Apr 3 17:27:26 EDT 2007
Commit By: tlyu
Log Message:
ticket: new
subject: MITKRB5-SA-2007-001: telnetd allows login as arbitrary user
tags: pullup
target_version: 1.6.1
Fix MITKRB5-SA-2007-001:
* src/appl/telnet/telnetd/sys_term.c (start_login): Add "--"
argument preceding username, in addition to the original patch.
Explicitly check for leading hyphen in username.
* src/appl/telnet/telnetd/state.c (envvarok): Check for leading
hyphen in environment variables. On advice from Shawn Emery, not
using strchr() as in the original patch.
Changed Files:
_U trunk/
U trunk/src/appl/telnet/telnetd/state.c
U trunk/src/appl/telnet/telnetd/sys_term.c
More information about the cvs-krb5
mailing list