

A Textbook Buffer Overflow: A Look at the FreeBSD telnetd Code - thexploit
http://thexploit.com/secdev/a-textbook-buffer-overflow-a-look-at-the-freebsd-telnetd-code/

======
thirsteh
<https://twitter.com/#!/cperciva/status/150864360170983424>

------
bdr
Ok, but no one uses telnetd, right?

~~~
KonradKlause
> Ok, but no one uses telnetd, right?

No. Telnet is heavily used in industrial environments.

~~~
harshreality
There are also a fair number of soho [wireless] routers with telnet enabled by
default.

I guess that's partly due to memory footprint, or assumed memory footprint
(dropbear being fairly small), by the manufacturers, and partly due to windows
not having a ssh client by default, whereas every major OS comes with a telnet
client.

~~~
Dylan16807
Keep in mind that for some reason they default-disabled the telnet client on
Vista and later.

------
ams6110
Anyone know if the other BSDs share this code?

~~~
Nick_C
According to comments on Colin's message, all BSDs as the bug has been there
for years. OpenBSD doesn't have telnetd in its base distribution (and I
currently don't have access to my OpenBSD server to check on the ports).

------
hackermom
How many hands are needed to count the people still using telnet for anything
_remotely_? I can see embedded use in isolated LANs, but...

------
enjoy-your-stay
I hereby propose a change to memcpy to include a maxbytes parameter and an
optional assert() if len exceeds it.

Might turn up a few interesting things.

~~~
subleq
memcpy's third argument is the maximum (additionally, the exact) number of
bytes it will copy.

