[Secure-testing-commits] r699 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Thu, 31 Mar 2005 11:42:06 +0000
Author: jmm-guest
Date: 2005-03-31 11:42:03 +0000 (Thu, 31 Mar 2005)
New Revision: 699
Modified:
sarge-checks/CAN/list
Log:
Check the Kerberos implementations for the telnet vulnerabilities.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-03-31 09:50:07 UTC (rev 698)
+++ sarge-checks/CAN/list 2005-03-31 11:42:03 UTC (rev 699)
@@ -1735,6 +1735,9 @@
CAN-2005-0469 (Buffer overflow in the slc_add_reply function in various BSD-based ...)
{DSA-699-1 DSA-697-1}
{ DSA-697-1}
+ TODO: heimdal contains a BSD derived telnet client as well, check whether it's vulnerable
+ TODO: krb4 contains a BSD derived telnet client as well, check whether it's vulnerable
+ TODO: krb5 contains a BSD derived telnet client as well, check whether it's vulnerable
CAN-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...)
TODO: check
CAN-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2) ...)