Bug 75256 (CVE-2005-0469)

Summary: VUL-0: CVE-2005-0469: heimdal's telnet client seem to be vulnerable to the recent bugs too
Product: [Novell Products] SUSE Security Incidents Reporter: Thomas Biege <thomas>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: mc, nadvornik
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: All   
Whiteboard: CVE-2005-0469: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Thomas Biege 2005-03-30 14:46:11 UTC 
Hello Vladimir, 
it looks like the telnet client shipped as part of the heimdal package 
contains the same code as our ordinary telnet client. This code is buggy. Have 
a look at bug #66128 .
Comment 1 Vladimir Nadvornik 2005-03-31 14:38:14 UTC 
I used the patch
telnet-bsd-1.0-temp-increase+slc-env-overflow.diff

packages for sles8, sles9 and 8.2-9.2 are submitted.
Comment 2 Thomas Biege 2005-03-31 18:15:58 UTC 
 SM-Tracker-748
Comment 3 Thomas Biege 2005-04-01 07:54:32 UTC 
Vladimir, 
can you make an update for 9.3 too please? 
 
I'll submit the patchinfo files when you are done.
Comment 4 Vladimir Nadvornik 2005-04-01 08:00:45 UTC 
heimdal is not in 9.3
Comment 5 Thomas Biege 2005-04-01 08:01:58 UTC 
submitted patchinfo files for SLES/SLD: 
/work/src/done/PATCHINFO/patchinfo.heimdal 
/work/src/done/PATCHINFO/patchinfo-sld.heimdal 
 
Will wait with box until 9.3 package was submitted...
Comment 6 Thomas Biege 2005-04-01 08:02:49 UTC 
"edit_patchinfo -p" and "is_maintained -b" show 9.3... they must be wrong 
then... ok.
Comment 7 Thomas Biege 2005-04-01 08:06:46 UTC 
submitted patchinfo file: 
/work/src/done/PATCHINFO/patchinfo-box.heimdal 
 
What is the 9.3 replacement for heimdal?
Comment 8 Marcus Meissner 2005-04-01 08:08:00 UTC 
krb5 ... and it contains the fixes already I think (last minute addition).
Comment 9 Michael Calmer 2005-04-01 08:17:21 UTC 
Yes, krb5 on 9.3 has this patch. 
 
#> rpm -qp 
--changelog /work/CDs/all/full-9.3-i386/suse/i586/krb5-apps-clients.rpm | head 
* Fr Mär 18 2005 - mc@suse.de 
 
- fixed not running converter script [#72854] 
 
* Do Mär 17 2005 - mc@suse.de 
 
- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer 
  Overflow 
- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer 
  Overflow
Comment 10 Thomas Biege 2005-04-01 08:25:10 UTC 
Michael, 
is this a patch from bug# 66128 or a patch from the kerberos folks? 
I quickly compared the patches and the krb5 patch looks different from the 
patches we have in our bugzilla.
Comment 11 Thomas Biege 2005-04-01 08:29:01 UTC 
Ludwig already told me that it was the patch from the kerberos advisory.
Comment 12 Michael Calmer 2005-04-01 08:34:22 UTC 
Correct, the patch was provided by the MIT people.
Comment 13 Michael Schröder 2005-04-04 16:23:45 UTC 
The SLEC heimdal version is unpatched. Please submit a fixed package.
Comment 14 Vladimir Nadvornik 2005-04-05 10:55:48 UTC 
sorry,
package is submitted
Comment 15 Marcus Meissner 2005-04-20 15:47:39 UTC 
updates approved and released for this round
Comment 16 Thomas Biege 2005-04-20 16:00:21 UTC 
the onformation leak bug is still open.
CRD 14 juni, 1pm EST
Comment 17 Thomas Biege 2009-10-13 21:14:59 UTC 
CVE-2005-0469: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)