From owner-freebsd-security  Thu Jul 19  8:11:41 2001
Delivered-To: freebsd-security@freebsd.org
Received: from gw.nectar.com (gw.nectar.com [208.42.49.153])
	by hub.freebsd.org (Postfix) with ESMTP id 2C7A437B403
	for <security@FreeBSD.ORG>; Thu, 19 Jul 2001 08:11:39 -0700 (PDT)
	(envelope-from nectar@nectar.com)
Received: from madman.nectar.com (madman.nectar.com [10.0.1.111])
	by gw.nectar.com (Postfix) with ESMTP
	id 94327AF22E; Thu, 19 Jul 2001 10:11:38 -0500 (CDT)
Received: (from nectar@localhost)
	by madman.nectar.com (8.11.3/8.11.3) id f6JFBbh29574;
	Thu, 19 Jul 2001 10:11:37 -0500 (CDT)
	(envelope-from nectar)
Date: Thu, 19 Jul 2001 10:11:37 -0500
From: "Jacques A. Vidrine" <n@nectar.com>
To: Jeroen Ruigrok/Asmodai <asmodai@wxs.nl>
Cc: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>,
	Mike Tancsa <mike@sentex.net>, Kris Kennaway <kris@obsecurity.org>,
	security@FreeBSD.ORG
Subject: Re: FreeBSD remote root exploit ?
Message-ID: <20010719101137.K27900@madman.nectar.com>
References: <5.1.0.14.0.20010719010646.03e25eb8@192.168.0.12> <200107190547.f6J5lmD66188@cwsys.cwsent.com> <20010719094348.K58092@daemon.ninth-circle.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010719094348.K58092@daemon.ninth-circle.org>; from asmodai@wxs.nl on Thu, Jul 19, 2001 at 09:43:48AM +0200
X-Url: http://www.nectar.com/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, Jul 19, 2001 at 09:43:48AM +0200, Jeroen Ruigrok/Asmodai wrote:
> Don't forget I have been doing a lot of synching between the two/three
> telnet(d)'s in the source repository, including a lot of fix merging
> [which Kris did a lot of the work in first place for].
> 
> Suffice to say we don't have real stock telnet(d)'s present, but quite
> audited in a lot of places.
> 
> Now that I have more time again I need to continue moving the
> telnet(d)'s into one app again.

Please consider merging in Heimdal's telnet/telnetd.  It is a close
relative of what we have now (and therefore also
vulnerability-compatible :-).  I believe OpenBSD has done this already.

Cheers,
-- 
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message