Subject: Re: Heimdal telnet DOS advisory
To: Ed Ravin <eravin@panix.com>
From: Love Hörnquist Åstrand <lha@kth.se>
List: tech-security
Date: 03/16/2006 16:56:03


Jason Thorpe <thorpej@shagadelic.org> writes:

> On Mar 15, 2006, at 12:33 PM, Ed Ravin wrote:
>
>> Title: Heimdal TelnetD Denial of Service
>> Description: Heimdal is a free implementation of the Kerberos 5
>> network authentication protocol. It contains several Kerberos-enabled
>> network server applications. The "telnetd" program provides remote
>> access. It is prone to a remote denial of service vulnerability due to
>> a design error in the application during the initial connection to
>> telnetd before authentication. The resulting NULL pointer de-reference
>> causes telnetd to crash.
>> Ref: http://www.us.debian.org/security/2006/dsa-977
>>
>> The fix is in Heimdal 0.6.6, but NetBSD seems to still be using
>> Heimdal 0.6.3.
>
> While NetBSD does ship Heimdal Kerberos 5, NetBSD does not use the
> Heimdal telnetd implementation.

The bug no longer exists in NetBSD telnetd; it was already fixed when
I checked the other telnetds in the world to notify them.

Love

