
SANS ISC: telnetd deja vu, this time it is Kerberos 5 telnetd - SANS Internet Storm Center SANS ISC InfoSec Forums


telnetd deja vu, this time it is Kerberos 5 telnetd
It seems like it was just a couple of weeks ago that we noted issues with the Solaris telnetd. A couple of our readers took exception to our statement in the earlier story that telnet shouldn't be open to the internet. Some of them pointed out that Kerberized telnetd uses much stronger authentication and can optionally encrypt traffic. That is all well and good, but I don't consider that ordinary telnet(d).

Today, I noticed a RedHat bulletin (and subsequently, the official MIT advisory) about a vulnerability in Kerberos 5 telnetd that could allow unauthenticated root login by passing a crafted username (a different bug than the Solaris one), so it isn't any safer from bugs creeping into the code. Note that in neither case is the issue with the client; the issue is on the server side. There are still valid reasons to have the telnet client on machines. Anyway, krb5-telnet is not enabled by default on RedHat (or any other Linux/Unix that I'm aware of), but if you use it, update as soon as possible/practical. I assume that other Linux distributions will have updates soon, if not already available. If you are building from source, please see the MIT advisory.

References:
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt
https://rhn.redhat.com/errata/RHSA-2007-0095.html
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0956 (not live yet)
Jim

ISC Handler
