Zak Blacher <[email protected]> writes:
> Dag-Erling Smørgrav <[email protected]> writes:
> > OPIE is not compiled into telnetd, and you shouldn't use telnet anyway.
> usr.bin/telnet/Makefile:13:CFLAGS+= -DKLUDGELINEMODE -DUSE_TERMIO -DENVHACK
> -DOPIE \
That's in the client (telnet), not the server (telnetd). The
vulnerability is in the verification code, which would only be used on
the server:
% ldd /usr/libexec/telnetd
/usr/libexec/telnetd:
libutil.so.9 => /lib/libutil.so.9 (0x80085e000)
libncurses.so.8 => /lib/libncurses.so.8 (0x800a6f000)
libmp.so.7 => /usr/lib/libmp.so.7 (0x800cbc000)
libcrypto.so.6 => /lib/libcrypto.so.6 (0x800ebf000)
libcrypt.so.5 => /lib/libcrypt.so.5 (0x80125f000)
libpam.so.5 => /usr/lib/libpam.so.5 (0x80147f000)
libkrb5.so.10 => /usr/lib/libkrb5.so.10 (0x801687000)
libhx509.so.10 => /usr/lib/libhx509.so.10 (0x8018f6000)
libasn1.so.10 => /usr/lib/libasn1.so.10 (0x801b36000)
libroken.so.10 => /usr/lib/libroken.so.10 (0x801db8000)
libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x801fc9000)
libc.so.7 => /lib/libc.so.7 (0x8021cb000)
See, no libopie, hence no vulnerability.
What -DOPIE does for telnet is add support for running opiekey from the
escape prompt.
As for ftpd, it has OPIE enabled by default in PAM, and it tries PAM
before OPIE, so there is no need for built-in OPIE support.
DES
--
Dag-Erling Smørgrav - [email protected]
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
