This article applies to BoKS versions 6.6.0 through 6.7.1.

Description

A buffer overflow vulnerability has been found in the tcpcrypt program used for BoKS encrypted telnet up to and including BoKS version 6.7.1. Since tcpcrypt is a setuid program, exploiting the vulnerability can lead to privilege escalation.


The vulnerability affects Linux-based platforms only.


Resolution / Workaround

To resolve this issue, apply hotfix HFBM-0223, available for download from the HelpSystems Community Portal.

This hotfix corrects the buffer overflow error.



Last Modified On: November 14, 2019