Bug 189332 - telnet core dumps
Summary: telnet core dumps
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: krb5
Version: 5
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-04-19 09:19 UTC by giulix
Modified: 2008-03-11 17:02 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-03-11 17:02:10 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description giulix 2006-04-19 09:19:51 UTC 
Description of problem: Telnet core dumps

Version-Release number of selected component (if applicable):
telnet-0.17-35.2.1, glibc-2.4-4

How reproducible: Always

Steps to Reproduce: 
1. Telnet to a remote host
2.
3.
  
Actual results:

telnet apss-srv
Trying xxx.xxx.50.90...
Connected to apss-srv.xxxxxxxxxx.com (xxx.xxx.50.90).
Escape character is '^]'.
*** buffer overflow detected ***: telnet terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x633965]
/lib/libc.so.6(__vsprintf_chk+0x0)[0x6331e8]
/lib/libc.so.6(_IO_default_xsputn+0x9c)[0x5b87e8]
/lib/libc.so.6(_IO_vfprintf+0xfb0)[0x5930a9]
/lib/libc.so.6(__vsprintf_chk+0xa1)[0x633289]
/lib/libc.so.6(__sprintf_chk+0x30)[0x6331dc]
telnet[0x8757c9]
telnet[0x8765d4]
telnet[0x876d4b]
telnet[0x8772ec]
telnet[0x87119c]
telnet(main+0x3b1)[0x871891]
/lib/libc.so.6(__libc_start_main+0xdc)[0x56d7e4]
telnet[0x86c231]
======= Memory map: ========
00111000-00114000 r-xp 00000000 03:07 1223183    /usr/lib/libkrb5support.so.0.0
00114000-00115000 rwxp 00002000 03:07 1223183    /usr/lib/libkrb5support.so.0.0
00115000-00118000 r-xp 00000000 03:07 425455     /lib/libtermcap.so.2.0.8
00118000-00119000 rwxp 00002000 03:07 425455     /lib/libtermcap.so.2.0.8
0039e000-003a2000 r-xp 00000000 03:07 423111     /lib/libnss_dns-2.4.so
003a2000-003a3000 r-xp 00003000 03:07 423111     /lib/libnss_dns-2.4.so
003a3000-003a4000 rwxp 00004000 03:07 423111     /lib/libnss_dns-2.4.so
0043c000-004af000 r-xp 00000000 03:07 1234321    /usr/lib/libkrb5.so.3.2
004af000-004b1000 rwxp 00073000 03:07 1234321    /usr/lib/libkrb5.so.3.2
00515000-0051e000 r-xp 00000000 03:07 423113     /lib/libnss_files-2.4.so
0051e000-0051f000 r-xp 00008000 03:07 423113     /lib/libnss_files-2.4.so
0051f000-00520000 rwxp 00009000 03:07 423113     /lib/libnss_files-2.4.so
00558000-00684000 r-xp 00000000 03:07 425435     /lib/libc-2.4.so
00684000-00687000 r-xp 0012b000 03:07 425435     /lib/libc-2.4.so
00687000-00688000 rwxp 0012e000 03:07 425435     /lib/libc-2.4.so
00688000-0068b000 rwxp 00688000 00:00 0
007d0000-007db000 r-xp 00000000 03:07 425440     /lib/libgcc_s-4.1.0-20060304.so.1
007db000-007dc000 rwxp 0000a000 03:07 425440     /lib/libgcc_s-4.1.0-20060304.so.1
00867000-0088a000 r-xp 00000000 03:07 1604417    /usr/kerberos/bin/telnet
0088a000-0088f000 rwxp 00022000 03:07 1604417    /usr/kerberos/bin/telnet
0088f000-0089e000 rwxp 0088f000 00:00 0
00a40000-00a42000 r-xp 00000000 03:07 425443     /lib/libcom_err.so.2.1
00a42000-00a43000 rwxp 00001000 03:07 425443     /lib/libcom_err.so.2.1
00a53000-00a56000 r-xp 00000000 03:07 1216990    /usr/lib/libdes425.so.3.0
00a56000-00a57000 rwxp 00002000 03:07 1216990    /usr/lib/libdes425.so.3.0
00b70000-00b7f000 r-xp 00000000 03:07 423139     /lib/libresolv-2.4.so
00b7f000-00b80000 r-xp 0000e000 03:07 423139     /lib/libresolv-2.4.so
00b80000-00b81000 rwxp 0000f000 03:07 423139     /lib/libresolv-2.4.so
00b81000-00b83000 rwxp 00b81000 00:00 0
00c07000-00c08000 r-xp 00c07000 00:00 0          [vdso]
00c08000-00c21000 r-xp 00000000 03:07 425434     /lib/ld-2.4.so
00c21000-00c22000 r-xp 00018000 03:07 425434     /lib/ld-2.4.so
00c22000-00c23000 rwxp 00019000 03:07 425434     /lib/ld-2.4.so
00c41000-00c59000 r-xp 00000000 03:07 1216902    /usr/lib/libkrb4.so.2.0
00c59000-00c5a000 rwxp 00018000 03:07 1216902    /usr/lib/libkrb4.so.2.0
00c5a000-00c5f000 rwxp 00c5a000 00:00 0
00cc6000-00cea000 r-xp 00000000 03:07 1234320    /usr/lib/libk5crypto.so.3.0
00cea000-00ceb000 rwxp 00024000 03:07 1234320    /usr/lib/libk5crypto.so.3.0
084b3000-084d4000 rw-p 084b3000 00:00 0          [heap]
b7fe3000-b7fe6000 rw-p b7fe3000 00:00 0
b7ffa000-b7ffb000 rw-p b7ffa000 00:00 0
bfae4000-bfafa000 rw-p bfae4000 00:00 0          [stack]
Abort

Expected results:

Connection is established and a prompt is issued.

Additional info:
Comment 1 Harald Hoyer 2006-04-19 09:34:13 UTC 
please tell me the output of:

$ which telnet

if it is /usr/kerberos/bin/telnet , you may assign this bug krb5-workstation and
use /usr/bin/telnet.
Comment 2 giulix 2006-04-20 13:15:32 UTC 
/home/giulix%which telnet
/usr/kerberos/bin/telnet
Comment 3 Nalin Dahyabhai 2006-08-10 21:18:14 UTC 
If you're still hitting the bug with the most recent update to FC5 (I can't when
I point the client at the telnet servers from the telnet-server and
krb5-workstation packages), please install "netcat" and try to get a dump of
what traffic the server is sending which is triggering the bug, like this:
  sleep 10 | nc apss-srv 23 > server-log.dat
I should be able to play it back using netcat's listen mode and reproduce the
crash that way.
Comment 5 petrosyan 2008-03-11 17:02:10 UTC 
The information we've requested above is required in order
to review this problem report further and diagnose/fix the
issue if it is still present.  Since there have not been any
updates to the report since thirty (30) days or more since we
requested additional information, we're assuming the problem
is either no longer present in the current Fedora release, or
that there is no longer any interest in tracking the problem.

Setting status to "INSUFFICIENT_DATA".  If you still
experience this problem after updating to our latest Fedora
release and can provide the information previously requested, 
please feel free to reopen the bug report.

Thank you in advance.
Note You need to log in before you can comment on or make changes to this bug.