-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =============================================================================== >> CERT-NL, 01-Mar-2000 << >> All CERT-NL information has been moved to http://cert.surfnet.nl. Links << >> to CERT-NL information contained in this advisory are therefore outdated. << >> << >> CERT-NL also has stopped the CERT-CC-Mirror service. Due to this the << >> links to the CERT-CC mirror are obsolete. Visit the CERT-CC site for the << >> complete CERT-CC advisory texts: http://www.cert.org << =============================================================================== =============================================================================== Security Advisory CERT-NL =============================================================================== Author/Source : Teun Nijssen & Don Stikvoort Index : S-95-06 Distribution : World Page : 1 Classification: External Version: 2 Subject : Kerberos/Telnet Encryption Vulnerability Date : 09-Mar-95 =============================================================================== By courtesy of CERT/CC we received the following information about vulnerabilities in Kerberized Telnet encryption, SUPERSEDING THE PREVIOUS AND INCOMPLETE version of this advisory: ============================================================================= CA-95:03a CERT Advisory March 3, 1995 REVISED Telnet Encryption Vulnerability - ----------------------------------------------------------------------------- *** THIS IS A REVISED CERT ADVISORY *** *** A portion of the patch was accidentally omitted from Appendix B in the original release of CA-95:03. This revision contains a new, complete Appendix B.*** The CERT Coordination Center has received reports of a serious security problem in the Berkeley Telnet clients that provide support for the experimental Telnet encryption option using the Kerberos V4 authentication. All known released versions of the BSD Telnet that support Kerberos V4 authentication and encryption are affected. We recommend that all sites that use encrypted telnet in conjunction with Kerberos V4 obtain a patch or upgraded version of Telnet according to the instructions in Section III below. As we receive additional information relating to this advisory, CERT-NL will place it, along with any clarifications, in a S-95-06.APPENDIX file. CERT-NL advisories and their associated APPENDIX files are available at: ftp://ftp.nic.surfnet.nl/surfnet/net-security/cert-nl/docs/bulletin http://www.nic.surfnet.nl/surfnet/security/cert-nl.html - --------------------------------------------------------------------------- I. Description There is a vulnerability in Berkeley Telnet clients that support encryption and Kerberos V4 authentications. This vulnerability substantially reduces the effectiveness of the encryption. II. Impact Anyone who can access and read packets that make up the encrypted Telnet session can easily decrypt the session. This is possible, for example, when an intruder uses a packet sniffer on the network to intercept the Telnet sessions. III. Solution Obtain and install the appropriate patch according to the instructions included with the patch. In Appendix A is a summary of the vendors who have reported to us and the status they provided, including how to obtain patches. This information is reproduced in the APPENDIX file associated with this advisory. We will update the APPENDIX file as we receive more information from vendors. - --------------------------------------------------------------------------- The CERT Coordination Center wishes to thank Theodore Ts'o of the Massachusetts Institute of Technology for identifying and developing a solution to this problem. We also thank Douglas Engert of Argonne National Laboratory for pointing out the omission in our original Appendix B. - --------------------------------------------------------------------------- If you believe that your system has been compromised, contact your local CERT/security-team or CERT-NL. ............................................................................. Appendix A: Vendor Information See file S-95-06.APPENDIX for updated information. Issue date: March 13, 1995 Appendix B: Patch for Vulnerability in Telnet Encryption Option Omission error corrected March 3, 1995 See file S-95-06.APPENDIX for updated information. ============================================================================== CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet is the Dutch network for educational, research and related institutes. CERT-NL is a member of the Forum of Incident Response and Security Teams (FIRST). All CERT-NL material is available under: http://cert.surfnet.nl/ In case of computer or network security problems please contact your local CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer please address the appropriate (local) CERT/security-team). CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer, i.e. UTC+0100 in winter and UTC+0200 in summer (DST). Email: cert-nl@surfnet.nl ATTENDED REGULARLY ALL DAYS Phone: +31 302 305 305 BUSINESS HOURS ONLY Fax: +31 302 305 329 BUSINESS HOURS ONLY Snailmail: SURFnet bv Attn. CERT-NL P.O. Box 19035 NL - 3501 DA UTRECHT The Netherlands NOODGEVALLEN: 06 22 92 35 64 ALTIJD BEREIKBAAR EMERGENCIES : +31 6 22 92 35 64 ATTENDED AT ALL TIMES CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES: THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED* PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU. =============================================================================== -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1i iQA/AwUBOL6IDjSYjBqwfc9jEQKE4ACgxylKS8Ogentxvb1I9aY4V0KR4q4AoITZ EuotjIrxpD67u9AQ+ZoC2eWK =da14 -----END PGP SIGNATURE-----