Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 18 Jul 2001 22:47:18 -0700
From:      Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To:        Mike Tancsa <mike@sentex.net>
Cc:        Kris Kennaway <kris@obsecurity.org>, security@FreeBSD.ORG
Subject:   Re: FreeBSD remote root exploit ? 
Message-ID:  <200107190547.f6J5lmD66188@cwsys.cwsent.com>
In-Reply-To: Your message of "Thu, 19 Jul 2001 01:09:35 EDT." <5.1.0.14.0.20010719010646.03e25eb8@192.168.0.12>
next in thread | previous in thread | raw e-mail | index | archive | help 
I wouldn't be surprised that Kerberos IV and V telnetd's are also 
vulnerable.  The krb5 port will need to be patched when we patch the 
base telnetd.

Also, there are two telnetd's in the base tree.  I'm sure everyone 
knows this, I put my paranoid manager's hat on.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

In message <5.1.0.14.0.20010719010646.03e25eb8@192.168.0.12>, Mike 
Tancsa write
s:
> 
> Major drag.  Sadly, one of my customers needs telnetd running. Are there 
> any alternative daemons that can be used as a temp measure that are not 
> derived from the BSD tree ?
> 
>          ---Mike
> 
> At 09:39 PM 7/18/2001 -0700, Kris Kennaway wrote:
> >I haven't been able to verify it yet; they didn't bother to give us
> >any advance notice before releasing to bugtraq, nor did they give us
> >any additional details.
> >
> >Kris
> >
> >On Thu, Jul 19, 2001 at 12:19:09AM -0400, Mike Tancsa wrote:
> > >
> > > Posted to bugtraq is a notice about telnetd being remotely root
> > > exploitable. Does anyone know if it is true ?
> > >
> > >          ---Mike
> 
> --------------------------------------------------------------------
> Mike Tancsa,                                      tel +1 519 651 3400
> Network Administration,                           mike@sentex.net
> Sentex Communications                             www.sentex.net
> Cambridge, Ontario Canada                         www.sentex.net/mike
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107190547.f6J5lmD66188>