Re: Heimdal telnetd advisory

To: tech-security%netbsd.org@localhost
Subject: Re: Heimdal telnetd advisory
From: christos%astron.com@localhost (Christos Zoulas)
Date: Wed, 28 Dec 2011 04:12:45 +0000 (UTC)

In article <20111228004655.GA10866%panix.com@localhost>,
Ed Ravin  <eravin%panix.com@localhost> wrote:
>FreeBSD has announced a telnetd unauthenticated remote root exploit:
>
>  http://lists.freebsd.org/pipermail/freebsd-announce/2011-December/001398.html
>
>Which also affects Heimdal and MIT Kerberos:
>
>  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4862
>
>I presume NetBSD telnetd is also vulnerable as it uses the same codebase.
>

We have fixed it on head, and pullups to -4 and -5 are pending.

christos

References:
- Heimdal telnetd advisory
  - From: Ed Ravin

Prev by Date: Heimdal telnetd advisory
Next by Date: Re: Heimdal telnetd advisory
Previous by Thread: Heimdal telnetd advisory
Next by Thread: Re: Heimdal telnetd advisory
Indexes:

Home | Main Index | Thread Index | Old Index