From owner-freebsd-security Wed Jul 18 22:48:49 2001 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id C662037B401 for ; Wed, 18 Jul 2001 22:48:44 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id WAA27612; Wed, 18 Jul 2001 22:48:30 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda27610; Wed Jul 18 22:48:25 2001 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.4/8.9.1) id f6J5mJg10241; Wed, 18 Jul 2001 22:48:19 -0700 (PDT) Received: from UNKNOWN(10.1.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdp10239; Wed Jul 18 22:47:48 2001 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.4/8.9.1) id f6J5lmD66188; Wed, 18 Jul 2001 22:47:48 -0700 (PDT) Message-Id: <200107190547.f6J5lmD66188@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdq66183; Wed Jul 18 22:47:18 2001 X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-Sender: schubert To: Mike Tancsa Cc: Kris Kennaway , security@FreeBSD.ORG Subject: Re: FreeBSD remote root exploit ? In-reply-to: Your message of "Thu, 19 Jul 2001 01:09:35 EDT." <5.1.0.14.0.20010719010646.03e25eb8@192.168.0.12> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 18 Jul 2001 22:47:18 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I wouldn't be surprised that Kerberos IV and V telnetd's are also vulnerable. The krb5 port will need to be patched when we patch the base telnetd. Also, there are two telnetd's in the base tree. I'm sure everyone knows this, I put my paranoid manager's hat on. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC In message <5.1.0.14.0.20010719010646.03e25eb8@192.168.0.12>, Mike Tancsa write s: > > Major drag. Sadly, one of my customers needs telnetd running. Are there > any alternative daemons that can be used as a temp measure that are not > derived from the BSD tree ? > > ---Mike > > At 09:39 PM 7/18/2001 -0700, Kris Kennaway wrote: > >I haven't been able to verify it yet; they didn't bother to give us > >any advance notice before releasing to bugtraq, nor did they give us > >any additional details. > > > >Kris > > > >On Thu, Jul 19, 2001 at 12:19:09AM -0400, Mike Tancsa wrote: > > > > > > Posted to bugtraq is a notice about telnetd being remotely root > > > exploitable. Does anyone know if it is true ? > > > > > > ---Mike > > -------------------------------------------------------------------- > Mike Tancsa, tel +1 519 651 3400 > Network Administration, mike@sentex.net > Sentex Communications www.sentex.net > Cambridge, Ontario Canada www.sentex.net/mike > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message