From owner-freebsd-security Thu Jul 19 0:43:57 2001
Date: Thu, 19 Jul 2001 09:43:48 +0200
From: Jeroen Ruigrok/Asmodai
To: Cy Schubert - ITSD Open Systems Group
Cc: Mike Tancsa, Kris Kennaway, security@FreeBSD.ORG
Subject: Re: FreeBSD remote root exploit ?
Message-ID: <20010719094348.K58092@daemon.ninth-circle.org>
References: <5.1.0.14.0.20010719010646.03e25eb8@192.168.0.12> <200107190547.f6J5lmD66188@cwsys.cwsent.com>
In-Reply-To: <200107190547.f6J5lmD66188@cwsys.cwsent.com>

-On [20010719 08:00], Cy Schubert - ITSD Open Systems Group (Cy.Schubert@uumail.gov.bc.ca) wrote:
>I wouldn't be surprised that Kerberos IV and V telnetd's are also
>vulnerable. The krb5 port will need to be patched when we patch the
>base telnetd.
>
>Also, there are two telnetd's in the base tree. I'm sure everyone
>knows this, I put my paranoid manager's hat on.

Don't forget I have been doing a lot of synching between the two/three
telnet(d)'s in the source repository, including a lot of fix merging
[which Kris did a lot of the work in first place for].

Suffice to say we don't have real stock telnet(d)'s present, but quite
audited in a lot of places.

Now that I have more time again I need to continue moving the
telnet(d)'s into one app again.

-- 
Jeroen Ruigrok van der Werven/Asmodai asmodai@[wxs.nl|freebsd.org|xmach.org]
Documentation nutter/C-rated Coder, finger asmodai@ninth-circle.dnsalias.net
http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/
You shall see wonders...