[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE-2011-4862 is not BSD-specific
From:       Huzaifa Sidhpurwala <huzaifas () redhat ! com>
Date:       2011-12-26 9:49:42
Message-ID: 4EF84066.3060805 () redhat ! com
[Download RAW message or body]

On 12/26/2011 03:04 PM, Florian Weimer wrote:
> * Huzaifa Sidhpurwala:
>
>>> The telnetd from netkit does not appear to be affected.
>>
>> The patch seems to be applicable though, probably you need to do
>> something else to make it segfault?
>
> Our version of netkit (which we once got from
> <ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/>) lacks Kerberos
> support entirely.

 From what i see, if your telnetd can do encrypted connections, then it 
is affected.

However netkit telnet clients dont have support for encryption, so using 
the telnet client out of box is not going to work.

-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]