This article applies to BoKS version 6.6.0 through 6.7.1.
A buffer overflow vulnerability has been found in the tcpcrypt program used for BoKS encrypted telnet up to and including BoKS version 6.7.1. Since tcpcrypt is a setuid program, exploiting the vulnerability can lead to privilege escalation.
The vulnerability affects Linux-based platforms only.
Resolution / Workaround
To resolve this issue, apply hotfix HFBM-0223, available for download from the HelpSystems Community Portal.
This hotfix corrects the buffer overflow error.