Date: Thu, 19 Jul 2001 10:47:50 +0200 From: Jeroen Ruigrok/Asmodai <asmodai@wxs.nl> To: Matt Dillon <dillon@earth.backplane.com> Cc: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, Mike Tancsa <mike@sentex.net>, Kris Kennaway <kris@obsecurity.org>, security@FreeBSD.ORG Subject: Re: FreeBSD remote root exploit ? Message-ID: <20010719104750.L58092@daemon.ninth-circle.org> In-Reply-To: <200107190747.f6J7lMU71487@earth.backplane.com> References: <200107190547.f6J5lmD66188@cwsys.cwsent.com> <200107190747.f6J7lMU71487@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-On [20010719 10:00], Matt Dillon (dillon@earth.backplane.com) wrote: > Lets see... There are actually *FOUR* telnetd's in our source tree. > > /usr/src/crypto/telnet/telnetd VULNERABLE > /usr/src/libexec/telnetd VULNERABLE I was busy merging these two and then later get rid off one after adding compile time code in/exclusion. > /usr/src/crypto/heimdal/appl/telnet/telnetd NOT VULNERABLE > /usr/src/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c NOT VULNERABLE Not sure if all four can be collapsed. -- Jeroen Ruigrok van der Werven/Asmodai asmodai@[wxs.nl|freebsd.org|xmach.org] Documentation nutter/C-rated Coder, finger asmodai@ninth-circle.dnsalias.net http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/ Whoever undertakes to set himself up as judge in the field of truth and knowledge is shipwrecked by the laughter of the Gods. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010719104750.L58092>