tech-security: Heimdal telnetd advisory

Subject: Heimdal telnetd advisory
To: None <tech-security@netbsd.org>
From: Ed Ravin <eravin@panix.com>
List: tech-security
Date: 06/24/2005 13:10:52

An advisory came out a few days ago for Heimdal telnetd:

   http://www.pdc.kth.se/heimdal/advisory/2005-06-20/

   2005-06-20: telnetd vulnerabilities

   The telnetd server program in Heimdal has buffer overflows in the function
   getterminaltype, which may lead to remote code execution.

   0.6.5 and 0.7 fixes this problem.

   The only workaround for this bug is to not use the telnetd server program.

NetBSD uses (or at least started with) the Heimdal code.  Does this affect
NetBSD?

  -- Ed, who also wonders what happened to the NetBSD security advisory for
the telnet a few months ago...