Did anyone confirm this against Debian's netkit?
At least on 0.17.24 (the earlier version on Debian I could get my
hands on) or later, the nextitem function has this check:
> if (current >= end) {
>     current = next;
>     if (!current) {
>         return 0;
>     }
>     end = nextend;
>     next = 0;
> }
From my understanding of the CVE (and brief analysis), this should be
enough to avoid any possible exploitation, so I installed telnetd and
tried to run the exploit against it. And, indeed, the result I got
was:
> ⛤ Connecting to 0:23
> infoleak unsuccessful.
I might be missing something here, but I suspect that Debian's
netkit-telnet (and netkit-telnet-ssl) are not affected by this CVE.
Best regards,
--
Marcos Marado
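As an added illustration (not netkit's code and not part of the message above), here is a minimal model of a cursor that walks items across a primary segment and an optional continuation segment, with the same shape of bounds check as the quoted snippet: the `current >= end` test runs before every read, so a caller that keeps asking for the next item is handed NULL instead of a pointer past the data. The struct, function names and sample buffers are constructed for this example.

```c
/* Constructed model of a two-segment cursor guarded by a bounds check.
 * The names and layout are assumptions for illustration, not netkit's. */
#include <stddef.h>
#include <string.h>

struct cursor {
    const unsigned char *current, *end;   /* segment being scanned now */
    const unsigned char *next, *nextend;  /* continuation segment, or NULL */
};

/* Return a pointer to the next item, or NULL once both segments are used
 * up. The loop re-runs the check after switching segments, so an empty
 * continuation segment is handled without reading it. Memory is only
 * dereferenced by the caller on a pointer strictly below `end`. */
const unsigned char *next_item(struct cursor *c)
{
    while (c->current >= c->end) {
        c->current = c->next;      /* switch to the continuation segment */
        if (!c->current)
            return NULL;           /* nothing left: hand back no pointer */
        c->end = c->nextend;
        c->next = NULL;            /* continuation is consumed only once */
    }
    return c->current++;
}

/* Count how many items the cursor yields for the given segments; with a
 * correct bounds check this equals the number of bytes supplied. */
size_t count_items(const unsigned char *a, size_t alen,
                   const unsigned char *b, size_t blen)
{
    struct cursor c = {
        a, a + alen,
        (b && blen) ? b : NULL,
        (b && blen) ? b + blen : NULL
    };
    size_t n = 0;
    while (next_item(&c))
        n++;
    return n;
}
```
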