Date: Tue, 14 Aug 2001 17:11:50 +0930
From: Greg Lehey <grog@FreeBSD.org>
To: Ryan Thompson <ryan@sasknow.com>
Cc: William Nunn <yorkie123@hotmail.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: Remotely Exploitable telnetd bug
Message-ID: <20010814171150.S61413@wantadilla.lemis.com>
In-Reply-To: <Pine.BSF.4.21.0108140120340.24670-100000@ren.sasknow.com>; from ryan@sasknow.com on Tue, Aug 14, 2001 at 01:28:15AM -0600
References: <OE20Sx9x7BEH3PaydnL0000c0db@hotmail.com> <Pine.BSF.4.21.0108140120340.24670-100000@ren.sasknow.com>

On Tuesday, 14 August 2001 at 1:28:15 -0600, Ryan Thompson wrote:
> William Nunn wrote to freebsd-questions@FreeBSD.ORG:
>
>> I'm planning on buying freebsd, but I saw the news about the bug on
>> the site. As of today Aug 14th, if I buy a new jewel case or boxed
>> distribution, will it include that security flaw? I know there is a
>> patch for it, but I'm interested to know if I'm spared of it.
>
> As Kris has already pointed out, the current (4.3-RELEASE) CDs still
> contain the vulnerability. In your shoes, you have three options to squash
> the bug:
>
> 1) Wait for the new CDs to ship (a small ways away yet)
> 2) Get the current 4.3-RELEASE CDs, and install FreeBSD. Then
>    patch your system with the posted fixes.
> 3) Get 4.3 (on CD, downloaded, etc), and use cvsup to bring
>    your system to the latest -STABLE version (which, right now,
>    I think, is a 4.4 prerelease, meaning the latest stability
>    and security issues are already in place).

The best alternative is: don't use telnet. Even with this fix, the
protocol is inherently insecure.

Greg
--
When replying to this message, please copy the original recipients.
If you don't, I may ignore the reply.
For more information, see http://www.lemis.com/questions.html
See complete headers for address and phone numbers

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010814171150.S61413>