||Home : Advisories : Exploitable bugs in kerberised telnetd and libkrb|
||Exploitable bugs in kerberised telnetd and libkrb
||20th December 2000
-----BEGIN PGP SIGNED MESSAGE-----
NetBSD Security Advisory 2000-017
Topic: Exploitable bugs in kerberised telnetd and libkrb
Severity: local root compromise possible
Fixed: 2000/12/09 in -current; 2000/12/15 in netbsd-1-5-branch
The combination of a too liberal implementation in telnetd and bugs in
libkrb combines to make it possible for authorized users of a system
to obtain root access on a system.
there were two problems; first, telnetd allowed the user to provide
arbitrary environment variables, including several that cause programs
to behave differently. There was also a possible buffer overflow in
the kerberos v4 library.
Solutions and Workarounds
The problem was fixed in NetBSD-current on 2000/12/09; systems running
NetBSD-current dated from before that date should be upgraded to
NetBSD-current dated 2000/10/09 or later. The 1.5 branch was
fixed by 2000/12/15.
Systems running 1.4.x are not vulnerable to this problem as they do
not contain this version of kerberos.
Systems running 1.5 should apply the patch found in
and then rebuild and reinstall both the "libkrb" library and telnetd.
Systems running NetBSD-current dated from before 2000/12/09 should be
upgraded to NetBSD-current dated 2000/12/09 or later.
20001215 First draft
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.
Copyright 2000, The NetBSD Foundation, Inc. All Rights Reserved.
$NetBSD: NetBSD-SA2000-017.txt,v 1.4 2000/12/20 17:23:07 sommerfeld Exp $
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----