From owner-freebsd-security@FreeBSD.ORG  Fri Dec 23 17:25:00 2011
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 72AF51065679;
	Fri, 23 Dec 2011 17:25:00 +0000 (UTC)
	(envelope-from zingelman@fnal.gov)
Received: from gateway02.fnal.gov (gateway02.fnal.gov [131.225.104.19])
	by mx1.freebsd.org (Postfix) with ESMTP id 46B448FC0A;
	Fri, 23 Dec 2011 17:25:00 +0000 (UTC)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by gateway02.fnal.gov (Postfix) with ESMTP id CA0651710B82;
	Fri, 23 Dec 2011 11:08:05 -0600 (CST)
X-Virus-Scanned: amavisd-new at fnal.gov
Received: from gateway02.fnal.gov ([127.0.0.1])
	by localhost (gateway02.fnal.gov [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id M2QkS3CJB4Bu; Fri, 23 Dec 2011 11:08:05 -0600 (CST)
X-Mailgw-Auth: no
Received: from nova.fnal.gov (nova.fnal.gov [131.225.121.207])
	by gateway02.fnal.gov (Postfix) with SMTP id 9D9F81710B51;
	Fri, 23 Dec 2011 11:08:05 -0600 (CST)
Received: from nova.fnal.gov (localhost [127.0.0.1])
	by nova.fnal.gov (8.14.4+Sun/8.14.4) with ESMTP id pBNH85AW023979;
	Fri, 23 Dec 2011 11:08:05 -0600 (CST)
Received: from localhost (tez@localhost)
	by nova.fnal.gov (8.14.4+Sun/8.14.4/Submit) with ESMTP id
	pBNH85sr023976; Fri, 23 Dec 2011 11:08:05 -0600 (CST)
X-Authentication-Warning: nova.fnal.gov: tez owned process doing -bs
Date: Fri, 23 Dec 2011 11:08:05 -0600 (CST)
From: Tim Zingelman <zingelman@fnal.gov>
X-X-Sender: tez@nova.fnal.gov
To: security-officer@freebsd.org
In-Reply-To: <4EF4A120.1000305@freebsd.org>
Message-ID: <Pine.SOL.4.64.1112231103280.23931@nova.fnal.gov>
References: <4EF4A120.1000305@freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-security@freebsd.org
Subject: Re: Merry Christmas from the FreeBSD Security Team
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Tim Zingelman <zingelman@fnal.gov>
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Dec 2011 17:25:00 -0000

On Fri, 23 Dec 2011, FreeBSD Security Officer wrote:

> Unfortunately my hand was forced: One of the issues (FreeBSD-SA-11:08.telnetd)
> is a remote root vulnerability which is being actively exploited in the wild;
> bugs really don't come any worse than this.  On the positive side, most people
> have moved past telnet and on to SSH by now; but this is still not an issue we
> could postpone until a more convenient time.

Is there any reason this does would not apply to telnetd from most other 
vendors?  In particular MIT Kerberos & heimdal?

Thanks,

  - Tim