I don't know if this has already been brought to people's attention, but if it hasn't, here you go:

We have discovered a serious security problem found in the Berkeley telnet client. This bug only affects telnet clients which provide support for the experimental telnet encryption option using the Kerberos V4 authentication. All known, released versions of the BSD telnet that support Kerberos V4 authentication and encryption are affected by this bug.

It is recommended that all sites who use encrypted telnet in conjunction with Kerberos V4 apply this patch immediately.

This patch, along with the domestic version of the most recently released telnet sources from Berkeley, are available via anonymous ftp from net-dist.mit.edu in the directory /pub/telnet. The patch (which is also included in this message) can be found in the file /pub/telnet/telnet.patch. The file /pub/telnet/telnet.patch.sig contains a detached PGP signature of this file.

Users of NCSA Telnet should upgrade to the NCSA telnet 2.6.1d4, which is available from ftp.ncsa.uiuc.edu in the directory /Mac/Telnet/Telnet2.6/prerelease/d4.

Customers of ftp Software with an encrypting telnet (provided in the PC/TCP or OnNet packages) should call the ftp technical support line at 1-800-282-4387 and ask for the "tn encrypt patch".

If you have an encrypting telnet from some other vendor, please contact that vendor for information regarding how to get a fixed version.