Date: Thu, 19 Jul 2001 09:43:48 +0200 From: Jeroen Ruigrok/Asmodai <asmodai@wxs.nl> To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> Cc: Mike Tancsa <mike@sentex.net>, Kris Kennaway <kris@obsecurity.org>, security@FreeBSD.ORG Subject: Re: FreeBSD remote root exploit ? Message-ID: <20010719094348.K58092@daemon.ninth-circle.org> In-Reply-To: <200107190547.f6J5lmD66188@cwsys.cwsent.com> References: <5.1.0.14.0.20010719010646.03e25eb8@192.168.0.12> <200107190547.f6J5lmD66188@cwsys.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-On [20010719 08:00], Cy Schubert - ITSD Open Systems Group (Cy.Schubert@uumail.gov.bc.ca) wrote: >I wouldn't be surprised that Kerberos IV and V telnetd's are also >vulnerable. The krb5 port will need to be patched when we patch the >base telnetd. > >Also, there are two telnetd's in the base tree. I'm sure everyone >knows this, I put my paranoid manager's hat on. Don't forget I have been doing a lot of synching between the two/three telnet(d)'s in the source repository, including a lot of fix merging [which Kris did a lot of the work in first place for]. Suffice to say we don't have real stock telnet(d)'s present, but quite audited in a lot of places. Now that I have more time again I need to continue moving the telnet(d)'s into one app again. -- Jeroen Ruigrok van der Werven/Asmodai asmodai@[wxs.nl|freebsd.org|xmach.org] Documentation nutter/C-rated Coder, finger asmodai@ninth-circle.dnsalias.net http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/ You shall see wonders... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010719094348.K58092>