>Number:         24123
>Category:       lib
>Synopsis:       telnetd cores
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jan 17 02:14:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Michael Santos
>Release:        NetBSD 1.6ZH
>Organization:
	
>Environment:
	
	
System: NetBSD ack-n 1.6ZH NetBSD 1.6ZH (ack-n) #19: Sun Jan 11 17:15:58 EST 2004 root@ack-n:/home/build/src/sys/arch/i386/compile/obj/ack-n i386
Architecture: i386
Machine: i386
>Description:
NetBSD au1 1.5.4_ALPHA NetBSD 1.5.4_ALPHA (AU1) #6: Wed Aug  6 14:30:10 EDT 2003

Under NetBSD 1.5, telnetd dumps core when a session is initiated
by a Heimdal 0.6 telnet.

>How-To-Repeat:
Use a Heimdal 0.6 telnet client with NetBSD 1.5, e.g., using

http://www.stacken.kth.se/~thn/ktelnet/beta/KTW32.EXE

>Fix:

Please pull up these fixes to src/lib/libtelnet/kerberos5.c:

----------------------------
revision 1.10
date: 2002/09/20 22:25:49;  author: thorpej;  state: Exp;  lines: +3 -3
context -> telnet_context in two places.
----------------------------
revision 1.9
date: 2002/09/20 14:45:29;  author: joda;  state: Exp;  lines: +25 -1
make sure the client creates a subkey; also make the server check that
it actually got a subkey, and if not use the session key
----------------------------

>Release-Note:
>Audit-Trail:
>Unformatted: