Subject: Heimdal telnet DOS advisory
To: None <email@example.com>
From: Ed Ravin <firstname.lastname@example.org>
Date: 03/15/2006 15:33:56

Title: Heimdal TelnetD Denial of Service
Description: Heimdal is a free implementation of the Kerberos 5
network authentication protocol. It contains several Kerberos-enabled
network server applications. The "telnetd" program provides remote
access. It is prone to a remote denial of service vulnerability due to
a design error in the application during the initial connection to
telnetd before authentication. The resulting NULL pointer de-reference
causes telnetd to crash.

The fix is in Heimdal 0.6.6, but NetBSD seems to still be using Heimdal 0.6.3.