telnetd deja vu, this time it is Kerberos 5 telnetd
It seems like it was just a couple of weeks ago that we noted issues with the Solaris telnetd. A couple of our readers took exception to our statement in the earlier story that telnet shouldn't be open to the internet. Some of them pointed out that Kerberized telnetd uses much stronger authentication and can optionally encrypt traffic. That is all well and good, but I don't consider that ordinary telnet(d). Today, I noticed a RedHat bulletin (and subsequently, the official MIT advisory) about a vulnerability in Kerberos 5 telnetd (so it isn't any safer from bugs creeping into the code) that could allow unauthenticated root login by passing a crafted username (a different bug than the Solaris one). Note that in neither case is the issue with the client; the issue is on the server side. There are still valid reasons to have the telnet client on machines. Anyway, krb5-telnet is not enabled by default on RedHat (or any other Linux/Unix that I'm aware of), but if you use it, update as soon as possible/practical. I assume that other Linux distributions will have updates soon, if not already available. If you are building from source, please see the MIT advisory.
References:
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-001-telnetd.txt
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt
https://rhn.redhat.com/errata/RHSA-2007-0095.html
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0956 (not live yet)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0957 (not live yet)
UPDATE: Yes, I did see the other 2 advisories from MIT, one for a syslog issue and one for a double free. They are all fixed. I wrote about the telnetd one because that appears to me to be the worst and because it was eerily similar to the Solaris thing in Feb, but you should patch for all 3.
UPDATE 2: On further reading of the syslog issue, it appears to be pretty serious, too. It potentially allows remote code execution on the KDC.
Is WEP dead yet? Should it be?
We've known almost from its release that there were some significant weaknesses in WEP (Wired Equivalent Privacy). AirSnort and WEPcrack, among other packages, have been able to crack WEP keys fairly easily if they could sniff enough of the encrypted traffic. One of our readers (thanx, Mike) noted a new paper by three folks from the Darmstadt Technical University in Germany entitled Breaking 104 bit WEP in less than 60 seconds. They explain how an updated attack on the underlying RC4 algorithm allows much faster cracking of WEP (over an order of magnitude faster) than previously realized. We have long recommended that WEP be abandoned in favor of WPA (or, even better, WPA2). This new work demonstrates that WEP is little more than an annoyance to folks really interested in seeing your traffic.
Various Vista Concerns
I ran across a couple of stories in the last day or two that got me thinking about how much of security relies on assumptions that aren't necessarily always validated (remember Ronald Reagan's old adage "Trust, but verify"?). The first one is this story from Blackhat Amsterdam about VBootkit. The key quote from the story is "Experts say that the fundamental problem that this highlights is that every stage in Vista's booting process works on blind faith that everything prior to it ran cleanly." The other one was this story from one of the guys at CERIAS at Purdue about the introduction of symbolic links in Vista. Frankly, I haven't paid enough attention to Vista yet, to realize they had added symbolic links and I don't program for Windows, but having been a programmer in a previous life, the possible implications of this one jumped out at me. Further, I suspect that, all too soon, we'll be seeing all the race conditions with symlinks in Vista that we've seen in Unix/Linux over the years. The more things change, the more things stay the same, huh?!
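The check-then-open symlink race mentioned above, and the descriptor-based pattern that avoids it, as an added example that is not part of the original diary. It uses the POSIX/Linux API rather than Windows, runs in a constructed scratch directory, and the names name_is_regular, open_safe and demo are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check half of the racy check-then-open pattern: inspects the NAME only. */
int name_is_regular(const char *path) {
    struct stat st;
    return lstat(path, &st) == 0 && S_ISREG(st.st_mode);
}

/* Race-free open: the kernel refuses a symlink in the final path component,
 * and fstat() inspects the object actually opened, not the name. */
int open_safe(const char *path) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario in a scratch directory. Returns a bitmask:
 * 1 = name check passed, 2 = plain open() followed the link that replaced
 * the name after the check, 4 = open_safe() refused that link. */
int demo(void) {
    char dir[] = "/tmp/symrace-XXXXXX", work[64], other[64];
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(work, sizeof work, "%s/work.log", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    close(open(work, O_CREAT | O_WRONLY, 0600));
    close(open(other, O_CREAT | O_WRONLY, 0600));
    if (name_is_regular(work)) result |= 1;
    /* The race window: the name changes between the check and the open. */
    unlink(work);
    if (symlink(other, work) != 0) return -1;
    if ((fd = open(work, O_WRONLY)) >= 0) { result |= 2; close(fd); }
    if ((fd = open_safe(work)) < 0) result |= 4; else close(fd);
    unlink(work); unlink(other); rmdir(dir);
    return result;
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```

The earlier check on the name says nothing about what a later open() of that name will reach; only checks made on the opened descriptor hold.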
Microsoft Patch May Be Causing Some Problems
We have received several emails today from people who are having problems with the patch. One that is confirmed by Microsoft is the Realtek problem. Microsoft has been working on this problem and has provided a patch for it at:
support.microsoft.com/kb/935448/
Other possible issues have been reported and are being investigated. Microsoft is asking anyone having problems after installing the patch to contact them at Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for the support relating to Microsoft Security Updates.
support.microsoft.com/