telnetd deja vu, this time it is Kerberos 5 telnetd
It seems like it was just a couple of weeks ago that we noted issues with the Solaris telnetd. A couple of our readers took exception to our statement in the earlier story that telnet shouldn't be open to the internet. Some of them pointed out that Kerberized telnetd uses much stronger authentication and can optionally encrypt traffic. That is all well and good, but I don't consider that ordinary telnet(d).

Today, I noticed a Red Hat bulletin (and subsequently, the official MIT advisory) about a vulnerability in Kerberos 5 telnetd (so it isn't any safer from bugs creeping into the code) that could allow unauthenticated root login by passing a crafted username (a different bug than the Solaris one). Note that in neither case is the issue with the client; the issue is on the server side. There are still valid reasons to have the telnet client on machines.

Anyway, krb5-telnet is not enabled by default on Red Hat (or any other Linux/Unix that I'm aware of), but if you use it, update as soon as possible/practical. I assume that other Linux distributions will have updates soon, if not already available. If you are building from source, please see the MIT advisory.

References: (not live yet)


ISC Handler
Apr 4th 2007
