From owner-freebsd-security Thu Jul 19 10: 9:47 2001 Delivered-To: freebsd-security@freebsd.org Received: from assaris.sics.se (assaris.sics.se [193.10.66.234]) by hub.freebsd.org (Postfix) with ESMTP id 3F8B437B403 for ; Thu, 19 Jul 2001 10:09:42 -0700 (PDT) (envelope-from assar@assaris.sics.se) Received: (from assar@localhost) by assaris.sics.se (8.9.3/8.9.3) id TAA14932; Thu, 19 Jul 2001 19:09:32 +0200 (CEST) (envelope-from assar) To: Cy Schubert - ITSD Open Systems Group Cc: Mike Tancsa , Kris Kennaway , security@FreeBSD.ORG Subject: Re: FreeBSD remote root exploit ? References: <200107190637.f6J6bnf66559@cwsys.cwsent.com> From: Assar Westerlund Date: 19 Jul 2001 19:09:32 +0200 In-Reply-To: Cy Schubert - ITSD Open Systems Group's message of "Wed, 18 Jul 2001 23:37:42 -0700" Message-ID: <5lhew826cz.fsf@assaris.sics.se> Lines: 12 User-Agent: Gnus/5.070098 (Pterodactyl Gnus v0.98) Emacs/20.6 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Cy Schubert - ITSD Open Systems Group writes: > The advisory says that OpenBSD-current invulnerable. Looking at the > OpenBSD source tree, they've replaced BSD telnetd with heimdal telnetd. Depends on what you mean by OpenBSD-current. itojun just fixed it, see libexec/telnetd/global.c:1.6 > Build with kerberos5 enabled might be a temp workaround. Afraid not. That builds the one in secure. /assar To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message