source: https://www.securityfocus.com/bid/4419/info
talkd is a client-server application shipped with many Unix and Linux variants that is used for communication between users locally or remotely.
talkd does not perform adequate validation of users making talk requests. As a result, it is possible for an attacker to spoof users during a talk session.
This problem is exploitable remotely or locally and may aid an attacker in social engineering attacks.
A malicious version of the NetBSD talkd component was used to exploit this issue, so it can be assumed that NetBSD is affected by this issue. However, talkd ships as a core component for a number of Linux and Unix variants and is independently maintained by the various distributions, so it is highly probable that many other operating systems are affected by this vulnerability.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21364.tar.gz