Advisories : Exploitable bugs in kerberised telnetd and libkrb

main menu

- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news

discussions

- read forum
- new topic
- search

meetings

- meetings list
- recent additions
- add your info

top 100 sites

- visit top sites
- sign up now
- members

webmasters

- add your url
- add domain
- search box
- link to us

projects

- our projects
- free email

m4d network

- security software
- secureroot
- m4d.com

Home : Advisories : Exploitable bugs in kerberised telnetd and libkrb

Title:	Exploitable bugs in kerberised telnetd and libkrb
Released by:	NetBSD
Date:	20th December 2000
Printable version:	Click here

-----BEGIN PGP SIGNED MESSAGE-----



                 NetBSD Security Advisory 2000-017

                 =================================



Topic: Exploitable bugs in kerberised telnetd and libkrb

Version: 1.5

Severity: local root compromise possible

Fixed: 2000/12/09 in -current; 2000/12/15 in netbsd-1-5-branch



Abstract

========



The combination of a too liberal implementation in telnetd and bugs in

libkrb combines to make it possible for authorized users of a system

to obtain root access on a system.



Technical Details

=================



there were two problems; first, telnetd allowed the user to provide

arbitrary environment variables, including several that cause programs

to behave differently.  There was also a possible buffer overflow in

the kerberos v4 library.



Solutions and Workarounds

=========================



The problem was fixed in NetBSD-current on 2000/12/09; systems running

NetBSD-current dated from before that date should be upgraded to

NetBSD-current dated 2000/10/09 or later.  The 1.5 branch was

fixed by 2000/12/15.



Systems running 1.4.x are not vulnerable to this problem as they do

not contain this version of kerberos.



Systems running 1.5 should apply the patch found in

    http://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20001220-krb

and then rebuild and reinstall both the "libkrb" library and telnetd.



Systems running NetBSD-current dated from before 2000/12/09 should be

upgraded to NetBSD-current dated 2000/12/09 or later.



Thanks To

=========



Jouko Pynnönen 



Revision History

================



20001215 First draft



More Information

================



Information about NetBSD and NetBSD security can be found at

http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.





Copyright 2000, The NetBSD Foundation, Inc.  All Rights Reserved.



$NetBSD: NetBSD-SA2000-017.txt,v 1.4 2000/12/20 17:23:07 sommerfeld Exp $



-----BEGIN PGP SIGNATURE-----

Version: 2.6.3ia

Charset: noconv



iQCVAwUBOkDrAT5Ru2/4N2IFAQFI7AP/Wfev/8Xr+gxOvD7LHBRfI3bX0xmqsxug

85Ocz2bS/N++KK3T1uzcC16QZYeDLEGgH6Cs871JLnm4LxBTZox6gHGmJSLCsq40

fFCtfN4yflcJqDTZ19VU8OBOZ3ZZ/w2wc0jNVotbWWj1bQy/fuSxg0reNyEj7JJd

VbXNrpPQppg=

=/MsX

-----END PGP SIGNATURE-----