-----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2000-017 ================================= Topic: Exploitable bugs in kerberised telnetd and libkrb Version: 1.5 Severity: local root compromise possible Fixed: 2000/12/09 in -current; 2000/12/15 in netbsd-1-5-branch Abstract ======== The combination of a too liberal implementation in telnetd and bugs in libkrb combines to make it possible for authorized users of a system to obtain root access on a system. Technical Details ================= there were two problems; first, telnetd allowed the user to provide arbitrary environment variables, including several that cause programs to behave differently. There was also a possible buffer overflow in the kerberos v4 library. Solutions and Workarounds ========================= The problem was fixed in NetBSD-current on 2000/12/09; systems running NetBSD-current dated from before that date should be upgraded to NetBSD-current dated 2000/12/09 or later. The 1.5 branch was fixed by 2000/12/15. Systems running 1.4.x are not vulnerable to this problem as they do not contain this version of kerberos. Systems running 1.5 should apply the patch found in ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20001220-krb and then rebuild and reinstall both the "libkrb" library and telnetd. Systems running NetBSD-current dated from before 2000/12/09 should be upgraded to NetBSD-current dated 2000/12/09 or later. Thanks To ========= Jouko Pynnönen Revision History ================ 20001215 First draft More Information ================ Information about NetBSD and NetBSD security can be found at http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/. Copyright 2000, The NetBSD Foundation, Inc. All Rights Reserved. $NetBSD: NetBSD-SA2000-017.txt,v 1.5 2000/12/20 20:30:13 sommerfeld Exp $ -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQCVAwUBOkEW3j5Ru2/4N2IFAQHOmwP8D/+PSPdMwwo4G22IX2820iRitmUBU7c/ moB6TaEw9CPMzAmd3499Kx/Xe+IRMFEFgDZOJVDZx/tgqWR2Xpd/caQiAM/9c0Th uVRW/A5EgSm7mUnUk82KHnySpqKn+Cnr1ytR9a+HuaSpn0O/Q0yHslg95G+VYQ2W f31W26+Q21M= =hboe -----END PGP SIGNATURE-----