In article <[EMAIL PROTECTED]>,
John Rudd <[EMAIL PROTECTED]> wrote:
:
:
: So, most of my machines don't use the standard vendor telnet, but
: instead use one form or another of a kerberized telnet. Does anyone
: know if today's announcement applies to kerberized telnetd's?
:
: http://www.securityfocus.com/bid/3064
It's hard to tell. I can't gain access to the patch so I don't know
if it is something that was fixed in past releases.

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:49/telnetd-crypto.patch

From the description of the hole it seems that it would be very difficult
to exploit this hole. The overflow that occurs is produced with data
generated by the telnet daemon and not the client.
Jeffrey Altman * Sr.Software Designer
The Kermit Project @ Columbia University
http://www.kermit-project.org/
[EMAIL PROTECTED]

C-Kermit 8.0 Beta available
includes Secure Telnet and FTP
using Kerberos, SRP, and
OpenSSL. SSH soon to follow.