Subject: NetBSD talkd ..vulnerable?
To: None <netbsd-help@NetBSD.ORG>
From: Matthew B. Wood <devtrix@netcom.com>
List: netbsd-help
Date: 01/27/1997 22:24:14
Per CERT Advisory CA-97.04, talkd has been found to be exploitable:
....
As part of the talk connection, talkd does a DNS lookup for the name
of the host that the connection is being initiated from. Because there
is insufficient bounds checking on the buffer where the hostname is
stored, it is possible to overwrite the internal stack space of talkd.
It is possible to force talkd to execute arbitrary commands by carefully
manipulating the hostname information. As talkd runs with root
privileges, this may allow intruders to remotely execute arbitrary
commands with these privileges.
....
It seems the FreeBSD crew has a talkd patch available. Can this be
easily used by us NetBSD folks? Or is NetBSD's talkd safe?
--
Matthew B. Wood mbwood@netcom.com
"Do you know how many time zones there are in the Soviet Union?"
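
The bounds-checking failure described in the quoted CERT advisory, shown as an added example beside a checked copy; this is not part of the original message and is not talkd's source code. The function names, the 64-byte buffer size and the sample hostnames are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define PEER_NAME_MAX 64   /* assumed buffer size, not talkd's real value */

/* Unsafe pattern: the name returned by the reverse DNS lookup is controlled
 * by whoever runs that DNS zone, and strcpy() ignores the size of dst. */
void store_peer_unsafe(char *dst, const char *resolved)
{
    strcpy(dst, resolved);   /* writes past dst when resolved is too long */
}

/* Checked form: reject (never truncate) a name that does not fit, is empty,
 * or has bytes outside letters, digits, '-' and '.' (an added conservative
 * check). Returns 0 on success, -1 on rejection. */
int store_peer_checked(char *dst, size_t dstlen, const char *resolved)
{
    size_t len;

    if (dst == NULL || dstlen == 0 || resolved == NULL)
        return -1;
    for (len = 0; resolved[len] != '\0'; len++) {
        unsigned char c = (unsigned char)resolved[len];
        if (len + 1 >= dstlen)            /* no room for this byte plus NUL */
            return -1;
        if (!isalnum(c) && c != '-' && c != '.')
            return -1;
    }
    if (len == 0)
        return -1;
    memcpy(dst, resolved, len + 1);       /* length verified, NUL included */
    return 0;
}

int main(void)
{
    char name[PEER_NAME_MAX];
    char longname[4 * PEER_NAME_MAX];

    memset(longname, 'a', sizeof(longname) - 1);   /* constructed oversized reply */
    longname[sizeof(longname) - 1] = '\0';
    printf("normal:    %d\n", store_peer_checked(name, sizeof(name), "host.example.org"));
    printf("oversized: %d\n", store_peer_checked(name, sizeof(name), longname));
    return 0;
}
```

Rejecting an oversized name, rather than silently truncating it, also keeps a shortened hostname from being logged or matched as if it were the real peer.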