Merry Christmas from the FreeBSD Security Team
Colin Percival
cperciva at freebsd.org
Fri Dec 23 17:35:38 UTC 2011
On 12/23/11 09:08, Tim Zingelman wrote:
> On Fri, 23 Dec 2011, FreeBSD Security Officer wrote:
>> Unfortunately my hand was forced: One of the issues (FreeBSD-SA-11:08.telnetd)
>> is a remote root vulnerability which is being actively exploited in the wild;
>> bugs really don't come any worse than this. On the positive side, most people
>> have moved past telnet and on to SSH by now; but this is still not an issue we
>> could postpone until a more convenient time.
>
> Is there any reason this does would not apply to telnetd from most other
> vendors? In particular MIT Kerberos & heimdal?
It probably applies to everyone shipping BSD telnetd -- I notified the projects
I could think of, but I'm sure I missed a few.
Heimdal is definitely affected. I don't think MIT Kerberos ships telnetd any
more... at least, I looked in their SVN tree and didn't find it.
--
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
More information about the freebsd-security
mailing list