Re: Heimdal telnet DOS advisory
From: Love Hörnquist Åstrand (lha kth.se)
Date: Thu Mar 16 2006 - 09:56:03 CST
Jason Thorpe <thorpej shagadelic.org> writes:
> On Mar 15, 2006, at 12:33 PM, Ed Ravin wrote:
>
>> Title: Heimdal TelnetD Denial of Service
>> Description: Heimdal is a free implementation of the Kerberos 5
>> network authentication protocol. It contains several Kerberos-enabled
>> network server applications. The "telnetd" program provides remote
>> access. It is prone to a remote denial of service vulnerability due to
>> a design error in the application during the initial connection to
>> telnetd before authentication. The resulting NULL pointer de-reference
>> causes telnetd to crash.
>> Ref: http://www.us.debian.org/security/2006/dsa-977
>>
>> The fix is in Heimdal 0.6.6, but NetBSD seems to still be using
>> Heimdal 0.6.3.
>
> While NetBSD does ship Heimdal Kerberos 5, NetBSD does not use the
> Heimdal telnetd implementation.
The bug no longer exists in NetBSD telnetd; it was already fixed when
I checked the other telnetd in the world to notify them.
Love