+++ This bug was initially created as a clone of Bug #26296 +++ A blog post was published on February 28 detailing the exploit: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html I don't see anything about a fix for the issue. Given that we have two other telnet implementations packaged (in krb5-appl and heimdal), I don't see a purpose in retaining this insecure and unmaintained software. It should be dropped from Cauldron. Mageia 7 is also affected. EDIT: So it turns out this has a CVE and krb5-appl is also affected by it. RedHat has issued an advisory for this today (April 7): https://access.redhat.com/errata/RHSA-2020:1349 So we should be able to pull a fix from them for krb5-appl, and maybe there will be a way to apply it to netkit-telnetd too (although the latter should still be dropped in Cauldron).
Status comment: (none) => Patch available from RedHatWhiteboard: (none) => MGA7TOO
The remarks above about dropping a package refer to *netkit-telnetd* Bug #26296. For this bug, 'krb5-appl' shows no obvious maintainer, so assigning it globally.
Assignee: bugsquad => pkg-bugs
Done for both Cauldron and mga7!
CC: (none) => geiger.david68210
Advisory: ======================== Updated krb5-appl packages fix security vulnerability: A vulnerability was found where incorrect bounds checks in the telnet server’s (telnetd) handling of short writes and urgent data, could lead to information disclosure and corruption of heap data. An unauthenticated remote attacker could exploit these bugs by sending specially crafted telnet packets to achieve arbitrary code execution in the telnet server (CVE-2020-10188). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10188 https://access.redhat.com/errata/RHSA-2020:1349 ======================== Updated packages in core/updates_testing: ======================== krb5-appl-servers-1.0.3-10.1.mga7 krb5-appl-clients-1.0.3-10.1.mga7 from krb5-appl-1.0.3-10.1.mga7.src.rpm
Assignee: pkg-bugs => qa-bugsWhiteboard: MGA7TOO => (none)Status comment: Patch available from RedHat => (none)Version: Cauldron => 7
It's been a very long time since I used telnet, and I've forgotten most of what I knew. I never did know anything about the server side of things. But... Installed both packages, then used telnet to check my own router for open ports. The connection was refused at closed ports, but made at open ones, as it should. Updated both packages. Both installed cleanly. Tried the test again, with the same results. I'm going to give this an OK on the basis of a clean install, and because the simple test I did didn't turn up any regressions. Validating. Advisory in Comment 3. If my tests are inadequate, please feel free to un-validate.
CC: (none) => andrewsfarm, sysadmin-bugsWhiteboard: (none) => MGA7-64-OKKeywords: (none) => validated_update
Just tested basic kerberos functionality as per https://wiki.mageia.org/en/QA_procedure:Krb5 [dave@i7v ~]$ kinit Password for dave@I7V.HODGINS.HOMEIP.NET: [dave@i7v ~]$ klist Ticket cache: FILE:/tmp/krb5cc_2000 Default principal: dave@I7V.HODGINS.HOMEIP.NET Valid starting Expires Service principal 2020-04-09 20:18:40 2020-04-10 20:18:40 krbtgt/I7V.HODGINS.HOMEIP.NET@I7V.HODGINS.HOMEIP.NET renew until 2020-04-09 20:18:40 [dave@i7v ~]$ krlogin $(hostname) This rlogin session is encrypting all data transmissions. Last login: Thu Apr 9 20:18:12 on :0 No regressions found.
CC: (none) => davidwhodgins
CC: (none) => tmbKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0169.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED