Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

NetBSD Security Advisory 2000-017

From: security-officer () netbsd org
Date: Wed, 20 Dec 2000 14:42:25 -0500
-----BEGIN PGP SIGNED MESSAGE-----

                 NetBSD Security Advisory 2000-017
                 =================================

Topic:          Exploitable bugs in kerberised telnetd and libkrb
Version:        1.5
Severity:       local root compromise possible
Fixed:          2000/12/09 in -current; 2000/12/15 in netbsd-1-5-branch

Abstract
========

The combination of a too liberal implementation in telnetd and bugs in
libkrb combines to make it possible for authorized users of a system
to obtain root access on a system.

Technical Details
=================

there were two problems; first, telnetd allowed the user to provide
arbitrary environment variables, including several that cause programs
to behave differently.  There was also a possible buffer overflow in
the kerberos v4 library.

Solutions and Workarounds
=========================

The problem was fixed in NetBSD-current on 2000/12/09; systems running
NetBSD-current dated from before that date should be upgraded to
NetBSD-current dated 2000/10/09 or later.  The 1.5 branch was
fixed by 2000/12/15.

Systems running 1.4.x are not vulnerable to this problem as they do
not contain this version of kerberos.

Systems running 1.5 should apply the patch found in
    ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20001220-krb
and then rebuild and reinstall both the "libkrb" library and telnetd.

Systems running NetBSD-current dated from before 2000/12/09 should be
upgraded to NetBSD-current dated 2000/12/09 or later.

Thanks To
=========

Jouko Pynnönen <jouko () solutions fi>

Revision History
================

20001215        First draft

More Information
================

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.


Copyright 2000, The NetBSD Foundation, Inc.  All Rights Reserved.

$NetBSD: NetBSD-SA2000-017.txt,v 1.4 2000/12/20 17:23:07 sommerfeld Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBOkDrAT5Ru2/4N2IFAQFI7AP/Wfev/8Xr+gxOvD7LHBRfI3bX0xmqsxug
85Ocz2bS/N++KK3T1uzcC16QZYeDLEGgH6Cs871JLnm4LxBTZox6gHGmJSLCsq40
fFCtfN4yflcJqDTZ19VU8OBOZ3ZZ/w2wc0jNVotbWWj1bQy/fuSxg0reNyEj7JJd
VbXNrpPQppg=
=/MsX
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: