inetutils/telnet commands.c

commit-inetutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

inetutils/telnet commands.c

From:	Sergey Poznyakoff
Subject:	inetutils/telnet commands.c
Date:	Sun, 31 Aug 2003 18:31:59 -0400

CVSROOT:        /cvsroot/inetutils
Module name:    inetutils
Branch:         
Changes by:     Sergey Poznyakoff <address@hidden>      03/08/31 18:31:59

Modified files:
        telnet         : commands.c 

Log message:
        (tn): Don't set hostname to DNS canonicalized value.
        Attackers may control DNS and fool the Kerberos authentication
        code to use the wrong realm for the server, and consequently the
        wrong KDC for the server, which the attackers could also control.
        Ultimately the attacker can fool the server authentication check
        in the client.
        
        Patch by Simon Josefsson <address@hidden>

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/inetutils/inetutils/telnet/commands.c.diff?tr1=1.16&tr2=1.17&r1=text&r2=text

[Prev in Thread]

Current Thread

[Next in Thread]

inetutils/telnet commands.c, Sergey Poznyakoff <=

Next by Date: inetutils/telnet ChangeLog
Next by thread: inetutils/telnet ChangeLog
Index(es):
- Date
- Thread