Merry Christmas from the FreeBSD Security Team

Tim Zingelman zingelman at fnal.gov
Fri Dec 23 17:49:22 UTC 2011


On Fri, 23 Dec 2011, Colin Percival wrote:

> On 12/23/11 09:08, Tim Zingelman wrote:
>> On Fri, 23 Dec 2011, FreeBSD Security Officer wrote:
>>> Unfortunately my hand was forced: One of the issues (FreeBSD-SA-11:08.telnetd)
>>> is a remote root vulnerability which is being actively exploited in the wild;
>>> bugs really don't come any worse than this.  On the positive side, most people
>>> have moved past telnet and on to SSH by now; but this is still not an issue we
>>> could postpone until a more convenient time.
>>
>> Is there any reason this does would not apply to telnetd from most other
>> vendors?  In particular MIT Kerberos & heimdal?
>
> It probably applies to everyone shipping BSD telnetd -- I notified the projects
> I could think of, but I'm sure I missed a few.
>
> Heimdal is definitely affected.  I don't think MIT Kerberos ships telnetd any
> more... at least, I looked in their SVN tree and didn't find it.

As of version krb5-1.8 MIT Kerberos stripped all the applications out into 
a separate krb5-appl bundle.  Current version is krb5-appl-1.0.2 and it 
ships with an apparently vulnerable telnetd.  There is a FreeBSD package 
security/krb5-appl of this maintained by cy.

Is there any test code available that could be run against a telnetd to 
determine if it might be vulnerable or if it is patched against this 
issue?

Thanks,

  - Tim


More information about the freebsd-security mailing list