Bug 91593 (CVE-2005-2040) - VUL-0: CVE-2005-2040 : Heimdal telnetd buffer overflow in getterminaltype
Summary: VUL-0: CVE-2005-2040 : Heimdal telnetd buffer overflow in getterminaltype
Status: RESOLVED FIXED
Duplicates: 97195
Alias: CVE-2005-2040
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: All SLES 9
Priority: P5 - None, Severity: Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: qa
Keywords:
Depends on:
Blocks:
 
Reported: 2005-06-21 13:29 UTC by Dennis Conrad
Modified: 2020-08-15 09:17 UTC

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
overflow.patch (2.84 KB, patch)
2005-06-21 14:30 UTC, Marcus Meissner
log (16.97 KB, text/plain)
2005-07-05 11:45 UTC, Marcus Meissner

Description Dennis Conrad 2005-06-21 13:29:58 UTC
The Heimdal team reports buffer overflows in the function getterminaltype in
their telnetd:

http://www.pdc.kth.se/heimdal/advisory/2005-06-20/

Versions 0.6.5 and 0.7 fix this problem.
Comment 1 Marcus Meissner 2005-06-21 14:19:31 UTC
well spotted, was still unknown to us. Thanks! 
Comment 2 Marcus Meissner 2005-06-21 14:30:11 UTC
Created attachment 39580
overflow.patch

0.6.4 -> 0.6.5 patch extract. untested
Comment 3 Vladimir Nadvornik 2005-06-22 16:07:19 UTC
Packages are submitted to sles8,sles9,slec and 8.2 - 9.2 
Can you please submit patchinfos? 
Comment 4 Marcus Meissner 2005-06-22 16:13:31 UTC
swampid: 1625 
Comment 5 Marcus Meissner 2005-06-22 16:16:49 UTC
patchinfos submitted, only containing "heimdal" itself, since this is the 
package with "telnetd" inside. 
Comment 6 Marcus Meissner 2005-07-05 11:45:22 UTC
Hi, 
 
qa can not approve the maintenance update of heimdal because we currently can 
not reliably test the telnetd and sshd part. 
 
Sometimes it works, sometimes not.
Please assist in debugging this. 
 
The testcases we ran are
http://pdb.suse.de/pdb-testcases.pl?Package=heimdal&Release=27&tcid=5770 
 
The current status can be read in 
~rommel/QA/patch-10262/log 
 
The failures seem to be independent of architecture and code base. 
Even re-running the testcases on the same host (including re-creation of the
complete Kerberos setup) does provide a random outcome.
 
I'm totally lost. 
-- 
Heiko Rommel                                rommel@suse.de 
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg 
T: +49 (0) 911 74053 0           F:  +49 (0) 911 741 77 55 
 
Comment 7 Marcus Meissner 2005-07-05 11:45:58 UTC
Created attachment 41141
log

failed QA log from Heiko.
Comment 8 Thomas Biege 2005-07-05 13:58:22 UTC
Vladimir is on vacation this week.
Comment 9 Marcus Meissner 2005-07-06 15:32:24 UTC
helped with QA. 
 
approved updates, published advisory. 
Comment 10 Marcus Meissner 2005-07-19 08:46:49 UTC
CAN-2005-2040 
Comment 11 Marcus Meissner 2005-07-19 08:47:19 UTC
*** Bug 97195 has been marked as a duplicate of this bug. ***