Did anyone confirm this against Debian's netkit? At least on 0.17.24 (the earlier version on Debian I could get my hands on) or later, the nextitem function has this check:
> if (current >= end) {
>     current = next;
>     if (!current) {
>         return 0;
>     }
>     end = nextend;
>     next = 0;
> }

From my understanding of the CVE (and brief analysis), this should be enough to avoid any possible exploitation, so I installed telnetd and tried to run the exploit against it. And, indeed, the result I got was:

> ⛤ Connecting to 0:23
> infoleak unsuccessful.

I might be missing something here, but I suspect that Debian's netkit-telnet (and netkit-telnet-ssl) are not affected by this CVE.

Best regards,
--
Marcos Marado