Date: Wed, 18 Jul 2001 22:47:18 -0700 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: Mike Tancsa <mike@sentex.net> Cc: Kris Kennaway <kris@obsecurity.org>, security@FreeBSD.ORG Subject: Re: FreeBSD remote root exploit ? Message-ID: <200107190547.f6J5lmD66188@cwsys.cwsent.com> In-Reply-To: Your message of "Thu, 19 Jul 2001 01:09:35 EDT." <5.1.0.14.0.20010719010646.03e25eb8@192.168.0.12>
next in thread | previous in thread | raw e-mail | index | archive | help
I wouldn't be surprised that Kerberos IV and V telnetd's are also vulnerable. The krb5 port will need to be patched when we patch the base telnetd. Also, there are two telnetd's in the base tree. I'm sure everyone knows this, I put my paranoid manager's hat on. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC In message <5.1.0.14.0.20010719010646.03e25eb8@192.168.0.12>, Mike Tancsa write s: > > Major drag. Sadly, one of my customers needs telnetd running. Are there > any alternative daemons that can be used as a temp measure that are not > derived from the BSD tree ? > > ---Mike > > At 09:39 PM 7/18/2001 -0700, Kris Kennaway wrote: > >I haven't been able to verify it yet; they didn't bother to give us > >any advance notice before releasing to bugtraq, nor did they give us > >any additional details. > > > >Kris > > > >On Thu, Jul 19, 2001 at 12:19:09AM -0400, Mike Tancsa wrote: > > > > > > Posted to bugtraq is a notice about telnetd being remotely root > > > exploitable. Does anyone know if it is true ? > > > > > > ---Mike > > -------------------------------------------------------------------- > Mike Tancsa, tel +1 519 651 3400 > Network Administration, mike@sentex.net > Sentex Communications www.sentex.net > Cambridge, Ontario Canada www.sentex.net/mike > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107190547.f6J5lmD66188>