Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2000.403 -- NetBSD Security Advisory 2000-017 Exploitable bugs in kerberised telnetd and libkrb 22 December 2000 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: telnetd, libkrb Vendor: NetBSD Operating System: NetBSD Impact: Root Compromise Access Required: Local - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2000-017 ================================= Topic: Exploitable bugs in kerberised telnetd and libkrb Version: 1.5 Severity: local root compromise possible Fixed: 2000/12/09 in -current; 2000/12/15 in netbsd-1-5-branch Abstract ======== The combination of a too liberal implementation in telnetd and bugs in libkrb combines to make it possible for authorized users of a system to obtain root access on a system. Technical Details ================= there were two problems; first, telnetd allowed the user to provide arbitrary environment variables, including several that cause programs to behave differently. There was also a possible buffer overflow in the kerberos v4 library. Solutions and Workarounds ========================= The problem was fixed in NetBSD-current on 2000/12/09; systems running NetBSD-current dated from before that date should be upgraded to NetBSD-current dated 2000/12/09 or later. The 1.5 branch was fixed by 2000/12/15. Systems running 1.4.x are not vulnerable to this problem as they do not contain this version of kerberos. Systems running 1.5 should apply the patch found in ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20001220-krb and then rebuild and reinstall both the "libkrb" library and telnetd. Systems running NetBSD-current dated from before 2000/12/09 should be upgraded to NetBSD-current dated 2000/12/09 or later. Thanks To ========= Jouko Pynnönen <jouko@solutions.fi> Revision History ================ 20001215 First draft More Information ================ Information about NetBSD and NetBSD security can be found at http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/. Copyright 2000, The NetBSD Foundation, Inc. All Rights Reserved. $NetBSD: NetBSD-SA2000-017.txt,v 1.5 2000/12/20 20:30:13 sommerfeld Exp $ - -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQCVAwUBOkEW3j5Ru2/4N2IFAQHOmwP8D/+PSPdMwwo4G22IX2820iRitmUBU7c/ moB6TaEw9CPMzAmd3499Kx/Xe+IRMFEFgDZOJVDZx/tgqWR2Xpd/caQiAM/9c0Th uVRW/A5EgSm7mUnUk82KHnySpqKn+Cnr1ytR9a+HuaSpn0O/Q0yHslg95G+VYQ2W f31W26+Q21M= =hboe - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to use any or all of this information is the responsibility of each user or organisation, and should be done so in accordance with site policies and procedures. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the original authors to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/Information/advisories.html If you believe that your system has been compromised, contact AusCERT or your representative in FIRST (Forum of Incident Response and Security Teams). Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for emergencies. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key iQCVAwUBOlSNcyh9+71yA2DNAQFogQP8CDLgm7pEU234jDuUQIrgRMIq/uNTQjSn EcuLQjMB0Ag2HuCuMQUluWrKgs1yEAa+veGo1gEdsDnBaRnQYWTsoIr3fi37ehcA Vth+/SPrPQ+5M0DT/Oh5dChEbRT67GCrUu/ZJx5rZdqhV8zWPOgK7yM9+UebLgQg lCcyHaIgS1o= =0YB7 -----END PGP SIGNATURE-----