Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 26 Dec 2011 15:07:42 +0530
From: Huzaifa Sidhpurwala <huzaifas@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2011-4862 is not BSD-specific

On 12/26/2011 03:04 PM, Florian Weimer wrote:
> * Huzaifa Sidhpurwala:
>
>>> The telnetd from netkit does not appear to be affected.
>>
>> The patch seems to be applicable though, probably you need to do
>> something else to make it segfault?
>
> Our version of netkit (which we once got from
> <ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/>) lacks Kerberos
> support entirely.

 From what i see, if your telnetd can do encrypted connections, then it 
is affected.

However netkit telnet clients dont have support for encryption, so using 
the telnet client out of box is not going to work.

-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.