From owner-freebsd-security Wed Jul 18 23:39: 8 2001 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id D9CBA37B434 for ; Wed, 18 Jul 2001 23:38:59 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id XAA27762; Wed, 18 Jul 2001 23:38:51 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda27760; Wed Jul 18 23:38:43 2001 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.4/8.9.1) id f6J6ccu10462; Wed, 18 Jul 2001 23:38:38 -0700 (PDT) Received: from UNKNOWN(10.1.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdN10460; Wed Jul 18 23:37:50 2001 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.4/8.9.1) id f6J6bnf66559; Wed, 18 Jul 2001 23:37:49 -0700 (PDT) Message-Id: <200107190637.f6J6bnf66559@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdx66415; Wed Jul 18 23:37:42 2001 X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-Sender: schubert To: Mike Tancsa Cc: Kris Kennaway , security@FreeBSD.ORG Subject: Re: FreeBSD remote root exploit ? In-reply-to: Your message of "Thu, 19 Jul 2001 01:09:35 EDT." <5.1.0.14.0.20010719010646.03e25eb8@192.168.0.12> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 18 Jul 2001 23:37:42 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The advisory says that OpenBSD-current invulnerable. Looking at the OpenBSD source tree, they've replaced BSD telnetd with heimdal telnetd. Build with kerberos5 enabled might be a temp workaround. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC In message <5.1.0.14.0.20010719010646.03e25eb8@192.168.0.12>, Mike Tancsa write s: > > Major drag. Sadly, one of my customers needs telnetd running. Are there > any alternative daemons that can be used as a temp measure that are not > derived from the BSD tree ? > > ---Mike > > At 09:39 PM 7/18/2001 -0700, Kris Kennaway wrote: > >I haven't been able to verify it yet; they didn't bother to give us > >any advance notice before releasing to bugtraq, nor did they give us > >any additional details. > > > >Kris > > > >On Thu, Jul 19, 2001 at 12:19:09AM -0400, Mike Tancsa wrote: > > > > > > Posted to bugtraq is a notice about telnetd being remotely root > > > exploitable. Does anyone know if it is true ? > > > > > > ---Mike > > -------------------------------------------------------------------- > Mike Tancsa, tel +1 519 651 3400 > Network Administration, mike@sentex.net > Sentex Communications www.sentex.net > Cambridge, Ontario Canada www.sentex.net/mike > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message