From owner-freebsd-security  Thu Jul 19 10: 4:39 2001
Delivered-To: freebsd-security@freebsd.org
Received: from assaris.sics.se (assaris.sics.se [193.10.66.234])
	by hub.freebsd.org (Postfix) with ESMTP id E4B9337B403
	for <security@FreeBSD.ORG>; Thu, 19 Jul 2001 10:04:34 -0700 (PDT)
	(envelope-from assar@assaris.sics.se)
Received: (from assar@localhost)
	by assaris.sics.se (8.9.3/8.9.3) id TAA14876;
	Thu, 19 Jul 2001 19:04:50 +0200 (CEST)
	(envelope-from assar)
To: "Jacques A. Vidrine" <n@nectar.com>
Cc: Matt Dillon <dillon@earth.backplane.com>,
	Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>,
	Mike Tancsa <mike@sentex.net>, Kris Kennaway <kris@obsecurity.org>,
	security@FreeBSD.ORG
Subject: Re: FreeBSD remote root exploit ?
References: <200107190547.f6J5lmD66188@cwsys.cwsent.com> <200107190747.f6J7lMU71487@earth.backplane.com> <20010719102230.L27900@madman.nectar.com>
From: Assar Westerlund <assar@FreeBSD.ORG>
Date: 19 Jul 2001 19:04:50 +0200
In-Reply-To: "Jacques A. Vidrine"'s message of "Thu, 19 Jul 2001 10:22:30 -0500"
Message-ID: <5lpuaw26kt.fsf@assaris.sics.se>
Lines: 8
User-Agent: Gnus/5.070098 (Pterodactyl Gnus v0.98) Emacs/20.6
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

"Jacques A. Vidrine" <n@nectar.com> writes:
> Actually, Heimdal's telnetd _is_ vulnerable, but I don't know if it is
> exploitable.

I don't know if it's exploitable either.  I don't _think_ so, but I've
of course fixed the problem anyways.

/assar

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message