From owner-freebsd-security Thu Jul 19 1:48: 1 2001 Delivered-To: freebsd-security@freebsd.org Received: from amsmta06-svc.chello.nl (mail-out.chello.nl [213.46.240.7]) by hub.freebsd.org (Postfix) with ESMTP id 765C937B401 for ; Thu, 19 Jul 2001 01:47:56 -0700 (PDT) (envelope-from asmodai@wxs.nl) Received: from daemon.chronias.ninth-circle.org ([62.163.96.180]) by amsmta06-svc.chello.nl (InterMail vK.4.03.02.00 201-232-124 license dd4a379df8e387594186908c65258374) with ESMTP id <20010719084802.GCUQ13241.amsmta06-svc@daemon.chronias.ninth-circle.org>; Thu, 19 Jul 2001 10:48:02 +0200 Received: (from asmodai@localhost) by daemon.chronias.ninth-circle.org (8.11.3/8.11.3) id f6J8lpB78356; Thu, 19 Jul 2001 10:47:51 +0200 (CEST) (envelope-from asmodai) Date: Thu, 19 Jul 2001 10:47:50 +0200 From: Jeroen Ruigrok/Asmodai To: Matt Dillon Cc: Cy Schubert - ITSD Open Systems Group , Mike Tancsa , Kris Kennaway , security@FreeBSD.ORG Subject: Re: FreeBSD remote root exploit ? Message-ID: <20010719104750.L58092@daemon.ninth-circle.org> References: <200107190547.f6J5lmD66188@cwsys.cwsent.com> <200107190747.f6J7lMU71487@earth.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200107190747.f6J7lMU71487@earth.backplane.com> User-Agent: Mutt/1.3.19i Organisation: Ninth-Circle Enterprises Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -On [20010719 10:00], Matt Dillon (dillon@earth.backplane.com) wrote: > Lets see... There are actually *FOUR* telnetd's in our source tree. > > /usr/src/crypto/telnet/telnetd VULNERABLE > /usr/src/libexec/telnetd VULNERABLE I was busy merging these two and then later get rid off one after adding compile time code in/exclusion. > /usr/src/crypto/heimdal/appl/telnet/telnetd NOT VULNERABLE > /usr/src/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c NOT VULNERABLE Not sure if all four can be collapsed. -- Jeroen Ruigrok van der Werven/Asmodai asmodai@[wxs.nl|freebsd.org|xmach.org] Documentation nutter/C-rated Coder, finger asmodai@ninth-circle.dnsalias.net http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/ Whoever undertakes to set himself up as judge in the field of truth and knowledge is shipwrecked by the laughter of the Gods. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message