From: Tim Zingelman
Date: Fri, 23 Dec 2011 11:49:20 -0600 (CST)
To: Colin Percival
Cc: freebsd-security@freebsd.org
Subject: Re: Merry Christmas from the FreeBSD Security Team

On Fri, 23 Dec 2011, Colin Percival wrote:

> On 12/23/11 09:08, Tim Zingelman wrote:
>> On Fri, 23 Dec 2011, FreeBSD Security Officer wrote:
>>> Unfortunately my hand was forced: One of the issues (FreeBSD-SA-11:08.telnetd)
>>> is a remote root vulnerability which is being actively exploited in the wild;
>>> bugs really don't come any worse than this. On the positive side, most people
>>> have moved past telnet and on to SSH by now; but this is still not an issue we
>>> could postpone until a more convenient time.
>>
>> Is there any reason this would not apply to telnetd from most other
>> vendors? In particular MIT Kerberos & heimdal?
>
> It probably applies to everyone shipping BSD telnetd -- I notified the projects
> I could think of, but I'm sure I missed a few.
>
> Heimdal is definitely affected. I don't think MIT Kerberos ships telnetd any
> more... at least, I looked in their SVN tree and didn't find it.

As of version krb5-1.8 MIT Kerberos stripped all the applications out into
a separate krb5-appl bundle. Current version is krb5-appl-1.0.2 and it
ships with an apparently vulnerable telnetd.

There is a FreeBSD package security/krb5-appl of this maintained by cy.

Is there any test code available that could be run against a telnetd to
determine if it might be vulnerable or if it is patched against this
issue?

Thanks,
 - Tim