Hash: SHA1
=============================================================================
FreeBSD-SA-11:08.telnetd Security Advisory
The FreeBSD Project
Topic: telnetd code execution vulnerability
Category: core
Module: contrib
Announced: 2011-12-23
Affects: All supported versions of FreeBSD.
Corrected: 2011-12-23 15:00:37 UTC (RELENG_7, 7.4-STABLE)
2011-12-23 15:00:37 UTC (RELENG_7_4, 7.4-RELEASE-p5)
2011-12-23 15:00:37 UTC (RELENG_7_3, 7.3-RELEASE-p9)
2011-12-23 15:00:37 UTC (RELENG_8, 8.2-STABLE)
2011-12-23 15:00:37 UTC (RELENG_8_2, 8.2-RELEASE-p5)
2011-12-23 15:00:37 UTC (RELENG_8_1, 8.1-RELEASE-p7)
2011-12-23 15:00:37 UTC (RELENG_9, 9.0-STABLE)
2011-12-23 15:00:37 UTC (RELENG_9_0, 9.0-RELEASE)
CVE Name: CVE-2011-4862
For general information regarding FreeBSD Security Advisories, I. Background The FreeBSD telnet daemon, telnetd(8), implements the server side of the The TELNET protocol has a mechanism for encryption of the data stream II. Problem Description When an encryption key is supplied via the TELNET protocol, its length III. Impact An attacker who can connect to the telnetd daemon can execute arbitrary IV. Workaround No workaround is available, but systems not running the telnet daemon Note that the telnet daemon is usually run via inetd, and consequently $ ps ax | grep telnetd | grep -v grep If any output is produced, your system may be vulnerable. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to FreeBSD 7.4, 7.3, a) Download the patch from the location below, and verify the # fetch http://security.FreeBSD.org/patches/SA-11:08/telnetd.patch b) Execute the following commands as root: # cd /usr/src 3) To update your vulnerable system via a binary patch: Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on # freebsd-update fetch VI. Correction details The following list contains the revision numbers of each file that was CVS: Branch Revision Subversion: Branch/path Revision VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862 The latest revision of this advisory is available at iEYEARECAAYFAk70nOoACgkQFdaIBMps37IYcwCfXn5aQTfQDe/AnS31JBg+BB1m
including descriptions of the fields above, security branches, and the
following sections, please visit
TELNET virtual terminal protocol. It has been disabled by default in
FreeBSD since August 2001, and due to the lack of cryptographic security
in the TELNET protocol, it is strongly recommended that the SSH protocol
be used instead. The FreeBSD telnet daemon can be enabled via the
/etc/inetd.conf configuration file and the inetd(8) daemon.
(but it is not cryptographically strong and should not be relied upon
in any security-critical applications).
is not validated before the key is copied into a fixed-size buffer.
code with the privileges of the daemon (which is usually the "root"
superuser).
are not vulnerable.
will not show up in a process listing unless a connection is currently
active; to determine if it is enabled, run
$ grep telnetd /etc/inetd.conf | grep -vE '^#'
RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3 security branch dated
after the correction date.
8.2, and 8.1 systems.
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-11:08/telnetd.patch.asc
# patch < /path/to/patch
# cd /usr/src/lib/libtelnet
# make obj && make depend && make && make install
# cd /usr/src/libexec/telnetd
# make obj && make depend && make && make install
the i386 or amd64 platforms can be updated via the freebsd-update(8)
utility:
# freebsd-update install
corrected in FreeBSD.
Path
- -------------------------------------------------------------------------
RELENG_7
src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c 1.1.1.2.24.1
src/contrib/telnet/libtelnet/encrypt.c 1.9.24.1
RELENG_7_4
src/UPDATING 1.507.2.36.2.7
src/sys/conf/newvers.sh 1.72.2.18.2.10
src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c 1.1.1.2.38.1
src/contrib/telnet/libtelnet/encrypt.c 1.9.40.2
RELENG_7_3
src/UPDATING 1.507.2.34.2.11
src/sys/conf/newvers.sh 1.72.2.16.2.13
src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c 1.1.1.2.36.1
src/contrib/telnet/libtelnet/encrypt.c 1.9.38.2
RELENG_8
src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c 1.1.1.3.2.1
src/contrib/telnet/libtelnet/encrypt.c 1.9.36.2
RELENG_8_2
src/UPDATING 1.632.2.19.2.7
src/sys/conf/newvers.sh 1.83.2.12.2.10
src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c 1.1.1.3.8.1
src/contrib/telnet/libtelnet/encrypt.c 1.9.36.1.6.2
RELENG_8_1
src/UPDATING 1.632.2.14.2.10
src/sys/conf/newvers.sh 1.83.2.10.2.11
src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c 1.1.1.3.6.1
src/contrib/telnet/libtelnet/encrypt.c 1.9.36.1.4.2
RELENG_9
src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c 1.1.1.3.10.1
src/contrib/telnet/libtelnet/encrypt.c 1.9.42.2
RELENG_9_0
src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c 1.1.1.3.12.1
src/contrib/telnet/libtelnet/encrypt.c 1.9.42.1.2.2
- -------------------------------------------------------------------------
- -------------------------------------------------------------------------
stable/7/ r228843
releng/7.4/ r228843
releng/7.3/ r228843
stable/8/ r228843
releng/8.2/ r228843
releng/8.1/ r228843
stable/9/ r228843
releng/9.0/ r228843
- -------------------------------------------------------------------------
http://security.FreeBSD.org/advisories/FreeBSD-SA-11:08.telnetd.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)
HJMAmgOE5pUKTlFqLw5UBouMNFfUmu2u
=dcyj
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
No comments:
Post a Comment