Hi,

On Sat, Mar 28, 2020 at 06:43:28PM +0000, Marcos Marado wrote:
> Did anyone confirm this against Debian's netkit?

No, this still needs to happen. We would rather play on the safe side
here and mark something 'wrongly' as affected until we have
assurance that the vulnerability is not present in the code.

>
> At least on 0.17.24 (the earlier version on Debian I could get my
> hands on) or later, the nextitem function has this check:
> 
> >        if (current >= end) {
> >                current = next;
> >                if (!current) {
> >                        return 0;
> >                }
> >                end = nextend;
> >                next = 0;
> >        }
> 
> From my understanding of the CVE (and brief analysis), this should be
> enough to avoid any possible exploitation, so I installed telnetd and
> tried to run the exploit against it. And, indeed, the result I got
> was:
> 
> > ⛤ Connecting to 0:23
> > infoleak unsuccessful.
> 
> I might be missing something here, but I suspect that Debian's
> netkit-telnet (and netkit-telnet-ssl) are not affected by this CVE.

Thanks, this might help to track the issue further.

Regards,
Salvatore
