mirror of
https://git.savannah.gnu.org/git/inetutils.git
synced 2026-01-26 16:29:08 +08:00
CERT* Advisory CA-97.04 Original issue date: January 27, 1997 Last Revised: September 26, 1997 Updated copyright statement Description The CERT Coordination Center has received information of a vulnerability in the talkd(8) program used by talk(1). talk is a communication program that copies text from one user's terminal to that of another, possibly remote, user. talkd is the daemon that notifies a user that someone else wishes to initiate a talk conversation. As part of the talk connection, talkd does a DNS lookup for the name of the host that the connection is being initiated from. Because there is insufficient bounds checking on the buffer where the hostname is stored, it is possible to overwrite the internal stack space of talkd. It is possible to force talkd to execute arbitrary commands by carefully manipulating the hostname information. As talkd runs with root privileges, this may allow intruders to remotely execute arbitrary commands with these privileges. This attack requires an intruder to be able to make a network connection to a vulnerable talkd program and provide corrupt DNS information to that host. This type of attack is a particular instance of the problem described in CERT advisory CA-96.04, "Corrupt Information from Network Servers," available from ---------------------------------------------------------------------