Subject Kerberos/Telnet Encryption Vulnerability Date 09-Mar-95
1177267b3725e7fb88628fb2b8717346f39f40eaa269082b9f3ad32742a8d7c3
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===============================================================================
>> CERT-NL, 01-Mar-2000 <<
>> All CERT-NL information has been moved to http://cert.surfnet.nl. Links <<
>> to CERT-NL information contained in this advisory are therefore outdated. <<
>> <<
>> CERT-NL also has stopped the CERT-CC-Mirror service. Due to this the <<
>> links to the CERT-CC mirror are obsolete. Visit the CERT-CC site for the <<
>> complete CERT-CC advisory texts: http://www.cert.org <<
===============================================================================
===============================================================================
Security Advisory CERT-NL
===============================================================================
Author/Source : Teun Nijssen & Don Stikvoort Index : S-95-06
Distribution : World Page : 1
Classification: External Version: 2
Subject : Kerberos/Telnet Encryption Vulnerability Date : 09-Mar-95
===============================================================================
By courtesy of CERT/CC we received the following information about
vulnerabilities in Kerberized Telnet encryption, SUPERSEDING THE PREVIOUS
AND INCOMPLETE version of this advisory:
=============================================================================
CA-95:03a CERT Advisory
March 3, 1995
REVISED Telnet Encryption Vulnerability
- -----------------------------------------------------------------------------
*** THIS IS A REVISED CERT ADVISORY ***
*** A portion of the patch was accidentally omitted from Appendix B
in the original release of CA-95:03. This revision contains a new,
complete Appendix B.***
The CERT Coordination Center has received reports of a serious security
problem in the Berkeley Telnet clients that provide support for the
experimental Telnet encryption option using the Kerberos V4 authentication.
All known released versions of the BSD Telnet that support Kerberos V4
authentication and encryption are affected.
We recommend that all sites that use encrypted telnet in conjunction with
Kerberos V4 obtain a patch or upgraded version of Telnet according to the
instructions in Section III below.
As we receive additional information relating to this advisory, CERT-NL will
place it, along with any clarifications, in a S-95-06.APPENDIX file. CERT-NL
advisories and their associated APPENDIX files are available at:
ftp://ftp.nic.surfnet.nl/surfnet/net-security/cert-nl/docs/bulletin
http://www.nic.surfnet.nl/surfnet/security/cert-nl.html
- ---------------------------------------------------------------------------
I. Description
There is a vulnerability in Berkeley Telnet clients that support
encryption and Kerberos V4 authentications. This vulnerability
substantially reduces the effectiveness of the encryption.
II. Impact
Anyone who can access and read packets that make up the encrypted
Telnet session can easily decrypt the session. This is possible, for
example, when an intruder uses a packet sniffer on the network to
intercept the Telnet sessions.
III. Solution
Obtain and install the appropriate patch according to the instructions
included with the patch.
In Appendix A is a summary of the vendors who have reported to us and
the status they provided, including how to obtain patches. This
information is reproduced in the APPENDIX file associated with this
advisory. We will update the APPENDIX file as we receive more
information from vendors.
- ---------------------------------------------------------------------------
The CERT Coordination Center wishes to thank Theodore Ts'o of the
Massachusetts Institute of Technology for identifying and developing a
solution to this problem. We also thank Douglas Engert of Argonne National
Laboratory for pointing out the omission in our original Appendix B.
- ---------------------------------------------------------------------------
If you believe that your system has been compromised, contact your local
CERT/security-team or CERT-NL.
.............................................................................
Appendix A: Vendor Information
See file S-95-06.APPENDIX for updated information.
Issue date: March 13, 1995
Appendix B: Patch for Vulnerability in Telnet Encryption Option
Omission error corrected March 3, 1995
See file S-95-06.APPENDIX for updated information.
==============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).
All CERT-NL material is available under:
http://cert.surfnet.nl/
In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).
CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).
Email: cert-nl@surfnet.nl ATTENDED REGULARLY ALL DAYS
Phone: +31 302 305 305 BUSINESS HOURS ONLY
Fax: +31 302 305 329 BUSINESS HOURS ONLY
Snailmail: SURFnet bv
Attn. CERT-NL
P.O. Box 19035
NL - 3501 DA UTRECHT
The Netherlands
NOODGEVALLEN: 06 22 92 35 64 ALTIJD BEREIKBAAR
EMERGENCIES : +31 6 22 92 35 64 ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
===============================================================================
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i
iQA/AwUBOL6IDjSYjBqwfc9jEQKE4ACgxylKS8Ogentxvb1I9aY4V0KR4q4AoITZ
EuotjIrxpD67u9AQ+ZoC2eWK
=da14
-----END PGP SIGNATURE-----