Hi Richard and Steve, This CVE is not detected with CVE report tools as there is discrepancy in NVD database. CVE is vulnerable to netkit-telnet package but not updated on https://nvd.nist.gov/vuln/detail/CVE-2022-39028.
Additionally, all stable branches have same version 0.17 of netkit-telnet package. Once these changes got approve and merge on master branch I would request you to cherry-pick same on all stable branches. Thanks, Sanjay >-----Original Message----- >From: [email protected] <openembedded- >[email protected]> On Behalf Of SANJAYKUMAR CHITRODA via >lists.openembedded.org >Sent: Friday, September 22, 2023 4:47 PM >To: [email protected] >Cc: SANJAYKUMAR CHITRODA <[email protected]> >Subject: [External] [oe] [meta-oe][PATCH] netkit-telnet: Fix CVE-2022-39028 > > >CAUTION: This email originated from outside of the organization. This message >might not be safe, use caution in opening it. If in doubt, do not open the >attachment nor links in the message. > > >From: Sanjay Chitroda <[email protected]> > >References: >https://nvd.nis/ >t.gov%2Fvuln%2Fdetail%2FCVE-2022- >39028&data=05%7C01%7CSANJAY.CHITRODA%40einfochips.com%7C158a1105 >621a4754519e08dbbb5d8800%7C0beb0c359cbb4feb99e5589e415c7944%7C1 >%7C0%7C638309782639739868%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4 >wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C >%7C%7C&sdata=z%2F3WhzV2TN%2FL%2Bkgox4zTaZw6VaBcUewEeoM9LES8sG >U%3D&reserved=0 >https://securit/ >y-tracker.debian.org%2Ftracker%2FCVE-2022- >39028&data=05%7C01%7CSANJAY.CHITRODA%40einfochips.com%7C158a1105 >621a4754519e08dbbb5d8800%7C0beb0c359cbb4feb99e5589e415c7944%7C1 >%7C0%7C638309782639739868%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4 >wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C >%7C%7C&sdata=v3Wyl2XT%2FfOEDO%2F5JMZP6baB4%2BwN%2BWbNtkfQAr >p1eoc%3D&reserved=0 > >Upstream Patch: >https://cgit.fre/ >ebsd.org%2Fsrc%2Fcommit%2F%3Fid%3D6914ffef4e23&data=05%7C01%7CSA >NJAY.CHITRODA%40einfochips.com%7C158a1105621a4754519e08dbbb5d8800 >%7C0beb0c359cbb4feb99e5589e415c7944%7C1%7C0%7C63830978263973986 >8%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiL >CJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=gjdgME8y%2 >FIw8ZApproq4EkHP3FM3n%2Fxk8oFKWUfv5Mk%3D&reserved=0 > >- Patch is adopted from FreeBSD, as same vulnerability of > telnetd is applicable to FreeBSD and netkit-telnet packages. > >Signed-off-by: Sanjay Chitroda <[email protected]> >--- > .../netkit-telnet/files/CVE-2022-39028.patch | 53 +++++++++++++++++++ > .../netkit-telnet/netkit-telnet_0.17.bb | 1 + > 2 files changed, 54 insertions(+) > create mode 100644 meta-networking/recipes-netkit/netkit-telnet/files/CVE- >2022-39028.patch > >diff --git a/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022- >39028.patch b/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022- >39028.patch >new file mode 100644 >index 000000000..e8c3f1d84 >--- /dev/null >+++ b/meta-networking/recipes-netkit/netkit-telnet/files/CVE-2022-39028. >+++ patch >@@ -0,0 +1,53 @@ >+From 4133a888aa256312186962ab70d4a36eed5920c1 Mon Sep 17 00:00:00 >2001 >+From: Brooks Davis <[email protected]> >+Date: Mon, 26 Sep 2022 18:56:51 +0100 >+Subject: [PATCH] telnetd: fix two-byte input crash >+ >+Move initialization of the slc table earlier so it doesn't get accessed >+before that happens. >+ >+For details on the issue, see: >+https://pierr/ >+ekim.github.io%2Fblog%2F2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-ne >+tkit-telnetd-inetutils-telnetd-kerberos-telnetd.html&data=05%7C01%7CSAN >+JAY.CHITRODA%40einfochips.com%7C158a1105621a4754519e08dbbb5d8800 >%7C0beb >+0c359cbb4feb99e5589e415c7944%7C1%7C0%7C638309782639739868%7CUn >known%7CT >+WFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJ >XVCI6 >+Mn0%3D%7C3000%7C%7C%7C&sdata=fBoVN%2B9yM%2B4DrREUJjjIuNQwP >Yle3PUIHXQ2%2 >+BoOsXeE%3D&reserved=0 >+ >+Reviewed by: cy >+Obtained from: NetBSD via cy >+Differential Revision: >+https://revie/ >+ws.freebsd.org%2FD36680&data=05%7C01%7CSANJAY.CHITRODA%40einfochi >ps.com >+%7C158a1105621a4754519e08dbbb5d8800%7C0beb0c359cbb4feb99e5589e >415c7944% >+7C1%7C0%7C638309782639739868%7CUnknown%7CTWFpbGZsb3d8eyJWIjo >iMC4wLjAwMD >+AiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C >&sdata= >+aq1Jl3S0W9WlKBfN0OPW7%2FbFxQTS5cLY76XwufME9F4%3D&reserved=0 >+ >+CVE: CVE-2022-39028 >+Upstream-Status: Backport >+[https://cgit/ >+.freebsd.org%2Fsrc%2Fcommit%2F%3Fid%3D6914ffef4e23&data=05%7C01%7 >CSANJA >+Y.CHITRODA%40einfochips.com%7C158a1105621a4754519e08dbbb5d8800% >7C0beb0c >+359cbb4feb99e5589e415c7944%7C1%7C0%7C638309782639739868%7CUnkn >own%7CTWF >+pbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXV >CI6Mn >+0%3D%7C3000%7C%7C%7C&sdata=gjdgME8y%2FIw8ZApproq4EkHP3FM3n% >2Fxk8oFKWUfv >+5Mk%3D&reserved=0] >+ >+(cherry picked from commit 6914ffef4e2318ca1d0ead28eafb6f06055ce0f8) >+Signed-off-by: Sanjay Chitroda <[email protected]> >+ >+--- >+ telnetd/telnetd.c | 10 +++++----- >+ 1 file changed, 5 insertions(+), 5 deletions(-) >+ >+diff --git a/telnetd/telnetd.c b/telnetd/telnetd.c index >+f36f505..efa0fe1 100644 >+--- a/telnetd/telnetd.c >++++ b/telnetd/telnetd.c >+@@ -615,6 +615,11 @@ doit(struct sockaddr_in *who) >+ int level; >+ char user_name[256]; >+ >++ /* >++ * Initialize the slc mapping table. >++ */ >++ get_slc_defaults(); >++ >+ /* >+ * Find an available pty to use. >+ */ >+@@ -698,11 +703,6 @@ void telnet(int f, int p) >+ char *HE; >+ const char *IM; >+ >+- /* >+- * Initialize the slc mapping table. >+- */ >+- get_slc_defaults(); >+- >+ /* >+ * Do some tests where it is desireable to wait for a response. >+ * Rather than doing them slowly, one at a time, do them all >diff --git a/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb >b/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb >index e28eeae49..d3de038d1 100644 >--- a/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb >+++ b/meta-networking/recipes-netkit/netkit-telnet/netkit-telnet_0.17.bb >@@ -16,6 +16,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/n/netkit- >telnet/netkit-telnet_${PV}.orig.tar.gz > > file://0001-telnetd-utility.c-Fix-buffer-overflow-in-netoprintf.patch \ > > file://0001-utility-Include-time.h-form-time-and-strftime-protot.patch \ > file://0001-Drop-using-register-keyword.patch \ >+ file://CVE-2022-39028.patch \ > " > > UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/n/netkit-telnet/" >-- >2.35.6
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#105057): https://lists.openembedded.org/g/openembedded-devel/message/105057 Mute This Topic: https://lists.openembedded.org/mt/101518966/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
