-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===============================================================================
>>                                                      CERT-NL, 01-Mar-2000 <<
>> All CERT-NL information has been moved to http://cert.surfnet.nl.  Links  <<
>> to CERT-NL information contained in this advisory are therefore outdated. <<
>>                                                                           <<
>> CERT-NL also has stopped the CERT-CC-Mirror service.  Due to this the     <<
>> links to the CERT-CC mirror are obsolete. Visit the CERT-CC site for the  <<
>> complete CERT-CC advisory texts:                     http://www.cert.org  <<
===============================================================================
===============================================================================
Security Advisory                                                       CERT-NL
===============================================================================
Author/Source : Teun Nijssen & Don Stikvoort                Index  :    S-95-06
Distribution  : World                                       Page   :          1
Classification: External                                    Version:          2
Subject       : Kerberos/Telnet Encryption Vulnerability    Date   :  09-Mar-95
===============================================================================

By courtesy of CERT/CC we received the following information about
vulnerabilities in Kerberized Telnet encryption, SUPERSEDING THE PREVIOUS 
AND INCOMPLETE version of this advisory:

=============================================================================
CA-95:03a                         CERT Advisory
                                  March 3, 1995
                   REVISED  Telnet Encryption Vulnerability
- -----------------------------------------------------------------------------

                   *** THIS IS A REVISED CERT ADVISORY ***
    *** A portion of the patch was accidentally omitted from Appendix B 
    in the original release of CA-95:03. This revision contains a new,
    complete Appendix B.***

The CERT Coordination Center has received reports of a serious security
problem in the Berkeley Telnet clients that provide support for the
experimental Telnet encryption option using the Kerberos V4 authentication.
All known released versions of the BSD Telnet that support Kerberos V4
authentication and encryption are affected.

We recommend that all sites that use encrypted telnet in conjunction with
Kerberos V4 obtain a patch or upgraded version of Telnet according to the
instructions in Section III below.

As we receive additional information relating to this advisory, CERT-NL will
place it, along with any clarifications, in a S-95-06.APPENDIX file. CERT-NL
advisories and their associated APPENDIX files are available at:
  ftp://ftp.nic.surfnet.nl/surfnet/net-security/cert-nl/docs/bulletin
  http://www.nic.surfnet.nl/surfnet/security/cert-nl.html

- ---------------------------------------------------------------------------

I.   Description

     There is a vulnerability in Berkeley Telnet clients that support
     encryption and Kerberos V4 authentications. This vulnerability
     substantially reduces the effectiveness of the encryption.

II.  Impact

     Anyone who can access and read packets that make up the encrypted
     Telnet session can easily decrypt the session. This is possible, for
     example, when an intruder uses a packet sniffer on the network to
     intercept the Telnet sessions.

III. Solution

     Obtain and install the appropriate patch according to the instructions
     included with the patch.

     In Appendix A is a summary of the vendors who have reported to us and 
     the status they provided, including how to obtain patches.  This 
     information is reproduced in the APPENDIX file associated with this 
     advisory.  We will update the APPENDIX file as we receive more 
     information from vendors.
     
- ---------------------------------------------------------------------------
The CERT Coordination Center wishes to thank Theodore Ts'o of the
Massachusetts Institute of Technology for identifying and developing a
solution to this problem. We also thank Douglas Engert of Argonne National
Laboratory for pointing out the omission in our original Appendix B.
- ---------------------------------------------------------------------------

If you believe that your system has been compromised, contact your local 
CERT/security-team or CERT-NL.

.............................................................................

Appendix A: Vendor Information

See file S-95-06.APPENDIX for updated information.  
Issue date: March 13, 1995

Appendix B: Patch for Vulnerability in Telnet Encryption Option
Omission error corrected March 3, 1995
See file S-95-06.APPENDIX for updated information.  
==============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).

All CERT-NL material is available under:
  http://cert.surfnet.nl/

In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL  (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).

   Email:     cert-nl@surfnet.nl     ATTENDED REGULARLY ALL DAYS
   Phone:     +31 302 305 305        BUSINESS HOURS ONLY
   Fax:       +31 302 305 329        BUSINESS HOURS ONLY
   Snailmail: SURFnet bv
              Attn. CERT-NL
              P.O. Box 19035
              NL - 3501 DA  UTRECHT
              The Netherlands

NOODGEVALLEN:    06 22 92 35 64      ALTIJD BEREIKBAAR
EMERGENCIES : +31 6 22 92 35 64      ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
===============================================================================

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQA/AwUBOL6IDjSYjBqwfc9jEQKE4ACgxylKS8Ogentxvb1I9aY4V0KR4q4AoITZ
EuotjIrxpD67u9AQ+ZoC2eWK
=da14
-----END PGP SIGNATURE-----