Subject: Re: Heimdal telnet DOS advisory
To: Ed Ravin <eravin@panix.com>
From: Jason Thorpe <thorpej@shagadelic.org>
List: tech-security
Date: 03/15/2006 14:23:28
On Mar 15, 2006, at 12:33 PM, Ed Ravin wrote:

> Title: Heimdal TelnetD Denial of Service
> Description: Heimdal is a free implementation of the Kerberos 5
> network authentication protocol. It contains several Kerberos-enabled
> network server applications. The "telnetd" program provides remote
> access. It is prone to a remote denial of service vulnerability due to
> a design error in the application during the initial connection to
> telnetd before authentication. The resulting NULL pointer de-reference
> causes telnetd to crash.
> Ref: http://www.us.debian.org/security/2006/dsa-977
>
> The fix is in Heimdal 0.6.6, but NetBSD seems to still be using
> Heimdal 0.6.3.

While NetBSD does ship Heimdal Kerberos 5, NetBSD does not use the
Heimdal telnetd implementation.

-- thorpej