NetKit (ntalk) talkd Crafted DNS Response Remote Overflow
Remote / Network Access
Loss of Integrity
A remote overflow exists in talkd. The talkd fails to check bounds on the buffer where the hostname is stored resulting in a stack space overflow. With a specially crafted DNS entry, an attacker can cause remote execution of arbitrary commands with root privileges resulting in a loss of integrity.
Upgrade to version 0.07 or higher, as it has been reported to fix this vulnerability. It is also possible to temporarily work around the flaw by implementing the following workaround: disabled the 'talkd' service.