From owner-freebsd-questions Sat Jan 19 9:12:43 2002 Delivered-To: freebsd-questions@freebsd.org Received: from gwdu60.gwdg.de (gwdu60.gwdg.de [134.76.98.60]) by hub.freebsd.org (Postfix) with ESMTP id C144037B417 for ; Sat, 19 Jan 2002 09:12:40 -0800 (PST) Received: from localhost (kheuer@localhost) by gwdu60.gwdg.de (8.11.6/8.11.6) with ESMTP id g0JHCch55991; Sat, 19 Jan 2002 18:12:38 +0100 (CET) (envelope-from kheuer@gwdu60.gwdg.de) Date: Sat, 19 Jan 2002 18:12:38 +0100 (CET) From: Konrad Heuer To: Joe & Fhe Barbish Cc: FBSD Questions Subject: Re: telnet/ftp security In-Reply-To: Message-ID: <20020119180656.M55983-100000@gwdu60.gwdg.de> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=X-UNKNOWN Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sat, 19 Jan 2002, Joe & Fhe Barbish wrote: > I have telnet & FTP ID/PW access to my FBSD gateway/ipfw > box from the internet. Are there any security holes in > these two applications that would allow breaking into my system? FreeBSD prior to 4.4-RELEASE has had a serious security flaw in telnetd (see ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.= v1.1.asc). If you run 4.4-RELEASE or 4.4-STABLE, there is no known problem. Nevetheless, ssh/sshd seems to a better solution for you since no clear text passwords have to transmitted here. Best regards Konrad Heuer Personal Bookmarks: Gesellschaft f=FCr wissenschaftliche Datenverarbeitung mbH G=D6ttingen http://www.freebsd.org Am Fa=DFberg, D-37077 G=D6ttingen http://www.daemonnews.o= rg Deutschland (Germany) kheuer@gwdu60.gwdg.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message