Bugzilla – Bug 1165787
VUL-0: CVE-2020-10188: krb5-appl,telnet-server: remote root code execution
Last modified: 2020-10-27 15:19:27 UTC
https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html very long writeup not included here
Created attachment 831996: bravestarr.py

QA REPRODUCER: install telnet-server and enable it to run (systemctl start telnet.socket), then run:

    python3 bravestarr.py -H localhost leak
We do not seem to be shipping netkit telnet, but instead (Free)BSD telnet.
CVE requested via webform.
We need to check krb5-appl.
The telnetd in krb5-appl looks like it uses the old code that is affected. Reassigning to Samuel.
SUSE-SU-2020:1533-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1165787
CVE References: CVE-2020-10188

Sources used:
- SUSE OpenStack Cloud Crowbar 8 (src): krb5-appl-1.0.3-3.3.1
- SUSE OpenStack Cloud 8 (src): krb5-appl-1.0.3-3.3.1
- SUSE OpenStack Cloud 7 (src): krb5-appl-1.0.3-3.3.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (src): krb5-appl-1.0.3-3.3.1
- SUSE Linux Enterprise Server for SAP 12-SP2 (src): krb5-appl-1.0.3-3.3.1
- SUSE Linux Enterprise Server 12-SP5 (src): krb5-appl-1.0.3-3.3.1
- SUSE Linux Enterprise Server 12-SP4 (src): krb5-appl-1.0.3-3.3.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (src): krb5-appl-1.0.3-3.3.1
- SUSE Linux Enterprise Server 12-SP3-BCL (src): krb5-appl-1.0.3-3.3.1
- SUSE Linux Enterprise Server 12-SP2-LTSS (src): krb5-appl-1.0.3-3.3.1
- SUSE Linux Enterprise Server 12-SP2-BCL (src): krb5-appl-1.0.3-3.3.1
- SUSE Enterprise Storage 5 (src): krb5-appl-1.0.3-3.3.1
- HPE Helion Openstack 8 (src): krb5-appl-1.0.3-3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Assigned to security team to close it.
DONE