From owner-freebsd-security  Sat Jul 13 15:08:40 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id PAA21270
          for security-outgoing; Sat, 13 Jul 1996 15:08:40 -0700 (PDT)
Received: from dhp.com (dhp.com [199.245.105.1])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id PAA21262
          for <freebsd-security@freebsd.org>; Sat, 13 Jul 1996 15:08:36 -0700 (PDT)
Received: (from jaeger@localhost) by dhp.com (8.7.5/8.6.12) id SAA31356; Sat, 13 Jul 1996 18:08:31 -0400
Date: Sat, 13 Jul 1996 18:08:30 -0400 (EDT)
From: jaeger <jaeger@dhp.com>
To: Frode Nordahl <froden@bigblue.no>
cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD 2.1.0 Telnetd vulnerable?
In-Reply-To: <199607131434.PAA28164@login.bigblue.no>
Message-ID: <Pine.LNX.3.91.960713180142.30935A-100000@dhp.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Sat, 13 Jul 1996, Frode Nordahl wrote:

> We're reading throgh the CERT releases to make our FreeBSD system as hole-less as possible.  
> The vulnerability specified in the CA-95:14.Telnetd_Environment_Vulnerability CERT release, 
> is this valid for FreeBSD 2.1.0?  If so where can I get the patch for the telnetd?

	I believe 2.0.5-RELEASE was the last release vulnerable to this bug.
My tests show 2.1.0-RELEASE is not vulnerable. Don't forget mount_union,
suidperl, rdist, iijppp, sliplogin, etc.  It seems we've had a bunch of
holes suddenly discovered in the last 2 months.

-jaeger