Re: FreeBSD Security Advisory FreeBSD-SA-05:01.telnet

• Previous message: Colin Percival: "Re: FreeBSD Security Advisory FreeBSD-SA-05:01.telnet"
• In reply to: Will Yardley: "Re: FreeBSD Security Advisory FreeBSD-SA-05:01.telnet"
• Next in thread: Jacques Vidrine: "Re: FreeBSD Security Advisory FreeBSD-SA-05:01.telnet"
• Reply: Jacques Vidrine: "Re: FreeBSD Security Advisory FreeBSD-SA-05:01.telnet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 28 Mar 2005 23:40:12 +0200
To: Will Yardley <freebsd-security@veggiechinese.net>

On 2005.03.28 13:24:08 -0800, Will Yardley wrote:
> On Mon, Mar 28, 2005 at 07:52:14PM +0000, FreeBSD Security Advisories wrote:
>
> [ Not sure else where to follow up to - I don't want to bug the security
> team directly about this, so just writing the list for now ]

In general it's fine to bug the security team directly of stuff like
this, but we also do read freebsd-security@ :-).

> > b) Execute the following commands as root:
> >
> > # cd /usr/src
> > # patch < /path/to/patch
>
> On my home machine (5.3-RELEASE) this failed - I had to go to
> /usr/src/contrib/telnet/telnet for the patch to apply.

Indeed, looks like the FreeBSD 5 patch is an "old" version since that
should have been fixed. I just CC'ed nectar so this can be fixed
ASAP.

> > c) Rebuild the operating system as described in
> > <URL:http://www.freebsd.org/doc/handbook/makeworld.html>.
>
> Just curious... why is it necessary to rebuild the whole operating
> system? Normally, the security advisories just have you rebuild the
> program in question - wouldn't that have sufficed here?

Due to multiple telnet versions (especially in FreeBSD 4) it was
judged that including more specific build instructions for all the
possible combinations of telnet and build options gave to high a risk
for errors possibly resulting in users not actually getting telnet
rebuild correctly.

-- 
Simon L. Nielsen

• application/pgp-signature attachment: stored

• Previous message: Colin Percival: "Re: FreeBSD Security Advisory FreeBSD-SA-05:01.telnet"
• In reply to: Will Yardley: "Re: FreeBSD Security Advisory FreeBSD-SA-05:01.telnet"
• Next in thread: Jacques Vidrine: "Re: FreeBSD Security Advisory FreeBSD-SA-05:01.telnet"
• Reply: Jacques Vidrine: "Re: FreeBSD Security Advisory FreeBSD-SA-05:01.telnet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: FreeBSD Security Advisory FreeBSD-SA-05:01.telnet ... Somehow the patch wasn't generated correctly for FreeBSD 5.x. ... the security advisories just have you rebuild the ... the telnet build is rather messy: ... (FreeBSD-Security) Re: FreeBSD and Hot Swap rebuild on SCSI disks. ... FreeBSD and Hot Swap rebuild on SCSI disks. ... > array on the fly or is it a must to reboot and goto Adaptec 2100s SMOR ... (freebsd-questions) Re: HELP: how to enable telnet? ... >> Just some questions about telnet. ... I just installed FreeBSD. ... Then how can I get SSH working? ... later I want to use Windows XP/2K3. ... (freebsd-newbies) Re: URGENT: Need help rebuilding iir RAID5 array with failed drive ... so I need to get a replacement disk to fix this one... ... You should be able to do whatever rebuild operations ... Please DONT use FreeBSD to rebuild this RAID5 unit. ... (freebsd-current) FreeBSD Security Advisory FreeBSD-SA-01:25.kerberosIV ... Corrected: 2000-12-13 (FreeBSD 4.2-STABLE) ... FreeBSD includes the KTH Kerberos ... filtering of environmental variables by the KerberosIV-adapted telnet ... This vulnerability exists in the kdc_reply_ciphercall. ... (FreeBSD-Security)