Re: Heimdal telnet DOS advisory

From: Jason Thorpe (thorpejshagadelic.org)
Date: Wed Mar 15 2006 - 16:23:28 CST


On Mar 15, 2006, at 12:33 PM, Ed Ravin wrote:

> Title: Heimdal TelnetD Denial of Service
> Description: Heimdal is a free implementation of the Kerberos 5
> network authentication protocol. It contains several Kerberos-enabled
> network server applications. The "telnetd" program provides remote
> access. It is prone to a remote denial of service vulnerability due to
> a design error in the application during the initial connection to
> telnetd before authentication. The resulting NULL pointer de-reference
> causes telnetd to crash.
> Ref: http://www.us.debian.org/security/2006/dsa-977
>
> The fix is in Heimdal 0.6.6, but NetBSD seems to still be using
> Heimdal 0.6.3.

While NetBSD does ship Heimdal Kerberos 5, NetBSD does not use the
Heimdal telnetd implementation.

-- thorpej