On 12/23/11 09:08, Tim Zingelman wrote: > On Fri, 23 Dec 2011, FreeBSD Security Officer wrote: >> Unfortunately my hand was forced: One of the issues >> (FreeBSD-SA-11:08.telnetd) >> is a remote root vulnerability which is being actively exploited in the wild; >> bugs really don't come any worse than this. On the positive side, most >> people >> have moved past telnet and on to SSH by now; but this is still not an issue >> we >> could postpone until a more convenient time. > > Is there any reason this does would not apply to telnetd from most other > vendors? In particular MIT Kerberos & heimdal?
It probably applies to everyone shipping BSD telnetd -- I notified the projects I could think of, but I'm sure I missed a few. Heimdal is definitely affected. I don't think MIT Kerberos ships telnetd any more... at least, I looked in their SVN tree and didn't find it. -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
