This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours

Bug 189332

Summary: telnet core dumps
Product: [Fedora] Fedora Reporter: giulix <giulio.martinat>
Component: krb5Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Brian Brock <bbrock>
Severity: high Docs Contact:
Priority: medium    
Version: 5   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-03-11 13:02:10 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:

Description giulix 2006-04-19 05:19:51 EDT
Description of problem: Telnet core dumps

Version-Release number of selected component (if applicable):
telnet-0.17-35.2.1, glibc-2.4-4

How reproducible: Always

Steps to Reproduce: 
1. Telnet to a remote host
2.
3.
  
Actual results:

telnet apss-srv
Trying xxx.xxx.50.90...
Connected to apss-srv.xxxxxxxxxx.com (xxx.xxx.50.90).
Escape character is '^]'.
*** buffer overflow detected ***: telnet terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x633965]
/lib/libc.so.6(__vsprintf_chk+0x0)[0x6331e8]
/lib/libc.so.6(_IO_default_xsputn+0x9c)[0x5b87e8]
/lib/libc.so.6(_IO_vfprintf+0xfb0)[0x5930a9]
/lib/libc.so.6(__vsprintf_chk+0xa1)[0x633289]
/lib/libc.so.6(__sprintf_chk+0x30)[0x6331dc]
telnet[0x8757c9]
telnet[0x8765d4]
telnet[0x876d4b]
telnet[0x8772ec]
telnet[0x87119c]
telnet(main+0x3b1)[0x871891]
/lib/libc.so.6(__libc_start_main+0xdc)[0x56d7e4]
telnet[0x86c231]
======= Memory map: ========
00111000-00114000 r-xp 00000000 03:07 1223183    /usr/lib/libkrb5support.so.0.0
00114000-00115000 rwxp 00002000 03:07 1223183    /usr/lib/libkrb5support.so.0.0
00115000-00118000 r-xp 00000000 03:07 425455     /lib/libtermcap.so.2.0.8
00118000-00119000 rwxp 00002000 03:07 425455     /lib/libtermcap.so.2.0.8
0039e000-003a2000 r-xp 00000000 03:07 423111     /lib/libnss_dns-2.4.so
003a2000-003a3000 r-xp 00003000 03:07 423111     /lib/libnss_dns-2.4.so
003a3000-003a4000 rwxp 00004000 03:07 423111     /lib/libnss_dns-2.4.so
0043c000-004af000 r-xp 00000000 03:07 1234321    /usr/lib/libkrb5.so.3.2
004af000-004b1000 rwxp 00073000 03:07 1234321    /usr/lib/libkrb5.so.3.2
00515000-0051e000 r-xp 00000000 03:07 423113     /lib/libnss_files-2.4.so
0051e000-0051f000 r-xp 00008000 03:07 423113     /lib/libnss_files-2.4.so
0051f000-00520000 rwxp 00009000 03:07 423113     /lib/libnss_files-2.4.so
00558000-00684000 r-xp 00000000 03:07 425435     /lib/libc-2.4.so
00684000-00687000 r-xp 0012b000 03:07 425435     /lib/libc-2.4.so
00687000-00688000 rwxp 0012e000 03:07 425435     /lib/libc-2.4.so
00688000-0068b000 rwxp 00688000 00:00 0
007d0000-007db000 r-xp 00000000 03:07 425440     /lib/libgcc_s-4.1.0-20060304.so.1
007db000-007dc000 rwxp 0000a000 03:07 425440     /lib/libgcc_s-4.1.0-20060304.so.1
00867000-0088a000 r-xp 00000000 03:07 1604417    /usr/kerberos/bin/telnet
0088a000-0088f000 rwxp 00022000 03:07 1604417    /usr/kerberos/bin/telnet
0088f000-0089e000 rwxp 0088f000 00:00 0
00a40000-00a42000 r-xp 00000000 03:07 425443     /lib/libcom_err.so.2.1
00a42000-00a43000 rwxp 00001000 03:07 425443     /lib/libcom_err.so.2.1
00a53000-00a56000 r-xp 00000000 03:07 1216990    /usr/lib/libdes425.so.3.0
00a56000-00a57000 rwxp 00002000 03:07 1216990    /usr/lib/libdes425.so.3.0
00b70000-00b7f000 r-xp 00000000 03:07 423139     /lib/libresolv-2.4.so
00b7f000-00b80000 r-xp 0000e000 03:07 423139     /lib/libresolv-2.4.so
00b80000-00b81000 rwxp 0000f000 03:07 423139     /lib/libresolv-2.4.so
00b81000-00b83000 rwxp 00b81000 00:00 0
00c07000-00c08000 r-xp 00c07000 00:00 0          [vdso]
00c08000-00c21000 r-xp 00000000 03:07 425434     /lib/ld-2.4.so
00c21000-00c22000 r-xp 00018000 03:07 425434     /lib/ld-2.4.so
00c22000-00c23000 rwxp 00019000 03:07 425434     /lib/ld-2.4.so
00c41000-00c59000 r-xp 00000000 03:07 1216902    /usr/lib/libkrb4.so.2.0
00c59000-00c5a000 rwxp 00018000 03:07 1216902    /usr/lib/libkrb4.so.2.0
00c5a000-00c5f000 rwxp 00c5a000 00:00 0
00cc6000-00cea000 r-xp 00000000 03:07 1234320    /usr/lib/libk5crypto.so.3.0
00cea000-00ceb000 rwxp 00024000 03:07 1234320    /usr/lib/libk5crypto.so.3.0
084b3000-084d4000 rw-p 084b3000 00:00 0          [heap]
b7fe3000-b7fe6000 rw-p b7fe3000 00:00 0
b7ffa000-b7ffb000 rw-p b7ffa000 00:00 0
bfae4000-bfafa000 rw-p bfae4000 00:00 0          [stack]
Abort

Expected results:

Connection is established and a prompt is issued.

Additional info:
Comment 1 Harald Hoyer 2006-04-19 05:34:13 EDT
please tell me the output of:

$ which telnet

if it is /usr/kerberos/bin/telnet , you may assign this bug krb5-workstation and
use /usr/bin/telnet.
Comment 2 giulix 2006-04-20 09:15:32 EDT
/home/giulix%which telnet
/usr/kerberos/bin/telnet
Comment 3 Nalin Dahyabhai 2006-08-10 17:18:14 EDT
If you're still hitting the bug with the most recent update to FC5 (I can't when
I point the client at the telnet servers from the telnet-server and
krb5-workstation packages), please install "netcat" and try to get a dump of
what traffic the server is sending which is triggering the bug, like this:
  sleep 10 | nc apss-srv 23 > server-log.dat
I should be able to play it back using netcat's listen mode and reproduce the
crash that way.
Comment 5 petrosyan 2008-03-11 13:02:10 EDT
The information we've requested above is required in order
to review this problem report further and diagnose/fix the
issue if it is still present.  Since there have not been any
updates to the report since thirty (30) days or more since we
requested additional information, we're assuming the problem
is either no longer present in the current Fedora release, or
that there is no longer any interest in tracking the problem.

Setting status to "INSUFFICIENT_DATA".  If you still
experience this problem after updating to our latest Fedora
release and can provide the information previously requested, 
please feel free to reopen the bug report.

Thank you in advance.