
Title: Exploitable bugs in kerberised telnetd and libkrb
Released by: NetBSD
Date: 20th December 2000

                 NetBSD Security Advisory 2000-017


Topic: Exploitable bugs in kerberised telnetd and libkrb

Version: 1.5

Severity: local root compromise possible

Fixed: 2000/12/09 in -current; 2000/12/15 in netbsd-1-5-branch



A too-liberal implementation in telnetd, combined with bugs in libkrb,
makes it possible for authorized users of a system to obtain root
access on that system.

Technical Details


There were two problems.  First, telnetd allowed the user to provide
arbitrary environment variables, including several that cause programs
to behave differently.  Second, there was a possible buffer overflow in
the Kerberos v4 library.
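
The first problem is the kind addressed by filtering client-supplied
environment variables against an allow-list before they reach the login
process. The sketch below is an added example, not NetBSD's patch or code
from this advisory; the function names, the allow-list contents and the
value length cap are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed allow-list; the advisory does not name any variables. */
static const char *const allowed_names[] = {
    "TERM", "DISPLAY", "USER", "LOGNAME", NULL
};

#define MAX_VALUE_LEN 256   /* assumed cap, not taken from the advisory */

/* Return 1 if a client-supplied "NAME=VALUE" string may be passed on. */
int env_pair_allowed(const char *pair)
{
    const char *eq;
    size_t name_len, i;

    if (pair == NULL || (eq = strchr(pair, '=')) == NULL || eq == pair)
        return 0;                        /* missing '=' or empty name */
    if (strlen(eq + 1) > MAX_VALUE_LEN)
        return 0;                        /* refuse oversized values */
    name_len = (size_t)(eq - pair);
    for (i = 0; allowed_names[i] != NULL; i++) {
        /* Exact match on the whole name, so "TERMX" does not pass as "TERM". */
        if (strlen(allowed_names[i]) == name_len &&
            strncmp(pair, allowed_names[i], name_len) == 0)
            return 1;
    }
    return 0;                            /* default deny */
}

/* Compact a NULL-terminated envp in place; returns the number kept. */
size_t scrub_client_env(char **envp)
{
    size_t in, out = 0;

    for (in = 0; envp[in] != NULL; in++)
        if (env_pair_allowed(envp[in]))
            envp[out++] = envp[in];
    envp[out] = NULL;
    return out;
}

int main(void)
{
    /* Constructed sample input; names other than the allow-list are made up. */
    char *env[] = { "TERM=vt100", "UNLISTED=1", "USER=alice",
                    "TERMX=1", "=bad", "NOEQUALS", NULL };
    size_t i, n = scrub_client_env(env);

    for (i = 0; i < n; i++)
        puts(env[i]);                    /* prints the two surviving pairs */
    return 0;
}
```

A default-deny list does not need to enumerate every variable that
changes program behaviour, so it keeps working when new ones appear.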

Solutions and Workarounds


The problem was fixed in NetBSD-current on 2000/12/09; systems running
NetBSD-current dated from before that date should be upgraded to
NetBSD-current dated 2000/10/09 or later.  The 1.5 branch was
fixed by 2000/12/15.

Systems running 1.4.x are not vulnerable to this problem as they do
not contain this version of kerberos.

Systems running 1.5 should apply the patch found in


and then rebuild and reinstall both the "libkrb" library and telnetd.

Systems running NetBSD-current dated from before 2000/12/09 should be
upgraded to NetBSD-current dated 2000/12/09 or later.

Thanks To


Jouko Pynnönen 

Revision History


20001215 First draft

More Information


Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.

Copyright 2000, The NetBSD Foundation, Inc.  All Rights Reserved.

$NetBSD: NetBSD-SA2000-017.txt,v 1.4 2000/12/20 17:23:07 sommerfeld Exp $

