Date:      Sat, 24 Dec 2011 16:41:40 +1100 (EST)
From:      Ian Smith <smithi@nimnet.asn.au>
To:        Colin Percival <cperciva@freebsd.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Merry Christmas from the FreeBSD Security Team
Message-ID:  <20111224161408.R64681@sola.nimnet.asn.au>
In-Reply-To: <4EF4BBB5.2030900@freebsd.org>
References:  <4EF4A120.1000305@freebsd.org> <Pine.SOL.4.64.1112231103280.23931@nova.fnal.gov> <4EF4BBB5.2030900@freebsd.org>

On Fri, 23 Dec 2011 09:34:45 -0800, Colin Percival wrote:
 > On 12/23/11 09:08, Tim Zingelman wrote:
 > > On Fri, 23 Dec 2011, FreeBSD Security Officer wrote:
 > >> Unfortunately my hand was forced: One of the issues (FreeBSD-SA-11:08.telnetd)
 > >> is a remote root vulnerability which is being actively exploited in the wild;
 > >> bugs really don't come any worse than this.  On the positive side, most people
 > >> have moved past telnet and on to SSH by now; but this is still not an issue we
 > >> could postpone until a more convenient time.
 > > 
 > > Is there any reason this would not apply to telnetd from most other
 > > vendors?  In particular MIT Kerberos & heimdal?
 > 
 > It probably applies to everyone shipping BSD telnetd -- I notified the projects
 > I could think of, but I'm sure I missed a few.

OS/2 Warp?  Or do you figure IBM is big enough to look after itself? :)

On a less frivolous but probably too picky note, I guess it's obvious 
enough that in the case of named (and telnet, if not run from inetd), 
one needs to restart the server after patching as advised?

On behalf of Scrooges everywhere, thanks for these and all your work!

Solsticial cheers, Ian


