diff options
author | Sergio Carlavilla Delgado <carlavilla@FreeBSD.org> | 2021-01-25 23:31:29 +0000 |
---|---|---|
committer | Sergio Carlavilla Delgado <carlavilla@FreeBSD.org> | 2021-01-25 23:31:29 +0000 |
commit | 989d921f5d4ac8d8b7c831c13b8954ad1901be24 (patch) | |
tree | a5d768f9af4b55422fdf5b17064879ae1c7ce032 /share/security/advisories/FreeBSD-SA-19:12.telnet.asc | |
parent | 0cff342f42461c5081b98bce7581f43df319e4f4 (diff) | |
download | doc-989d921f5d4ac8d8b7c831c13b8954ad1901be24.tar.gz doc-989d921f5d4ac8d8b7c831c13b8954ad1901be24.zip |
Migrate doc to Hugo/AsciiDoctor
I'm very pleased to announce the release of
our new website and documentation using
the new toolchain with Hugo and AsciiDoctor.
To get more information about the new toolchain
please read the FreeBSD Documentation Project Primer[1],
Hugo docs[2] and AsciiDoctor docs[3].
Acknowledgment:
Benedict Reuschling <bcr@>
Glen Barber <gjb@>
Hiroki Sato <hrs@>
Li-Wen Hsu <lwhsu@>
Sean Chittenden <seanc@>
The FreeBSD Foundation
[1] https://docs.FreeBSD.org/en/books/fdp-primer/
[2] https://gohugo.io/documentation/
[3] https://docs.asciidoctor.org/home/
Approved by: doceng, core
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-19:12.telnet.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-19:12.telnet.asc | 136 |
1 files changed, 0 insertions, 136 deletions
diff --git a/share/security/advisories/FreeBSD-SA-19:12.telnet.asc b/share/security/advisories/FreeBSD-SA-19:12.telnet.asc deleted file mode 100644 index 158923aef2..0000000000 --- a/share/security/advisories/FreeBSD-SA-19:12.telnet.asc +++ /dev/null @@ -1,136 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -============================================================================= -FreeBSD-SA-19:12.telnet Security Advisory - The FreeBSD Project - -Topic: telnet(1) client multiple vulnerabilities - -Category: contrib -Module: contrib/telnet -Announced: 2019-07-24 -Credits: Juniper Networks -Affects: All supported versions of FreeBSD. -Corrected: 2019-07-19 15:37:29 UTC (stable/12, 12.0-STABLE) - 2019-07-24 12:51:52 UTC (releng/12.0, 12.0-RELEASE-p8) - 2019-07-19 15:27:53 UTC (stable/11, 11.2-STABLE) - 2019-07-24 12:51:52 UTC (releng/11.2, 11.2-RELEASE-p12) - 2019-07-24 12:51:52 UTC (releng/11.3, 11.3-RELEASE-p1) -CVE Name: CVE-2019-0053 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit <URL:https://security.FreeBSD.org/>. - -I. Background - -The telnet(1) command is a TELNET protocol client, used primarily to -establish terminal sessions across a network. - -II. Problem Description - -Insufficient validation of environment variables in the telnet client -supplied in FreeBSD can lead to stack-based buffer overflows. A stack- -based overflow is present in the handling of environment variables when -connecting via the telnet client to remote telnet servers. - -This issue only affects the telnet client. Inbound telnet sessions to -telnetd(8) are not affected by this issue. - -III. Impact - -These buffer overflows may be triggered when connecting to a malicious -server, or by an active attacker in the network path between the client -and server. Specially crafted TELNET command sequences may cause the -execution of arbitrary code with the privileges of the user invoking -telnet(1). - -IV. Workaround - -Do not use telnet(1) to connect to untrusted machines or over an -untrusted network. - -V. Solution - -Upgrade your vulnerable system to a supported FreeBSD stable or -release / security branch (releng) dated after the correction date. - -Perform one of the following: - -1) To update your vulnerable system via a binary patch: - -Systems running a RELEASE version of FreeBSD on the i386 or amd64 -platforms can be updated via the freebsd-update(8) utility: - -# freebsd-update fetch -# freebsd-update install - -2) To update your vulnerable system via a source code patch: - -The following patches have been verified to apply to the applicable -FreeBSD release branches. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -# fetch https://security.FreeBSD.org/patches/SA-19:12/telnet.patch -# fetch https://security.FreeBSD.org/patches/SA-19:12/telnet.patch.asc -# gpg --verify telnet.patch.asc - -b) Apply the patch. Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch - -c) Recompile the operating system using buildworld and installworld as -described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. - -VI. Correction details - -The following list contains the correction revision numbers for each -affected branch. - -Branch/path Revision -- ------------------------------------------------------------------------- -stable/12/ r350139 -releng/12.0/ r350281 -stable/11/ r350140 -releng/11.2/ r350281 -releng/11.3/ r350281 -- ------------------------------------------------------------------------- - -To see which files were modified by a particular revision, run the -following command, replacing NNNNNN with the revision number, on a -machine with Subversion installed: - -# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base - -Or visit the following URL, replacing NNNNNN with the revision number: - -<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> - -VII. References - -<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0053> - -The latest revision of this advisory is available at -<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:12.telnet.asc> ------BEGIN PGP SIGNATURE----- - -iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WltfFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD -MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n -5cLOzA//YxRZNUr+d8B+t6DnBUbVvthJiY9sQ1YPXUIJmp4QA7wvXr5UjURw+6qv -raxEp6JmF06wZK4RjeIFckQD6s2wnjO5VHO80Zbs0nD4NejQGeDAIlVdKqofOtJv -bBQNSY3vPAtumyfElc+N19rKetAjGbsUjOMbn87GlWrit4lqcavBQsdmSlQB5gVA -dFAFsVxr+ujjATnrCmIpFiaDk0unyJ7Gtz7jiM9I8xZueJtM49/9kNCFFLKCMUl8 -HpB2k0cb18GVNJoKtzo1nELOM/oIJVO5HZt1fmYG/RgeL1BSyzg4q/5jXJQopJ2h -Qax7fmMP+RpGGrfp9Uom63tj79eQk2NirpUtfAaYkfGKzj6fNcq/7jxZfbobx0R8 -uTiF88mlv2/SGxpo11Z/QBqOSYTQtjDRYJvjCo77g7YW8HauECC3tiklpPfFOIO8 -m5qNOORKI74Do377GBF3gxDF2T8ILwj1j7nKHf3apotvQXJkkbpWBG7ADRTFcZWd -PMKdYiDPHV33YmCAg9tOAqV4O7TvaB07ZLKiI6kuSBtPVrazB8Az/oRJwfF6JQ6g -4ZdinyCrXWYrWslkW8402GKCERFFYJUvwLSUqHxYMRgZWPy9zf/mH56vh4bleYnP -kz2X7OgtB3Juu0Uzwv927+KZuyzitniaPlLe9tsyBwXFbUM+BrY= -=LWVf ------END PGP SIGNATURE----- |