Date: Wed, 15 Aug 2001 02:16:03 -0700 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "Ruslan Ermilov" <ru@FreeBSD.ORG>, "Greg Lehey" <grog@FreeBSD.ORG> Cc: "Ryan Thompson" <ryan@sasknow.com>, "William Nunn" <yorkie123@hotmail.com>, <freebsd-questions@FreeBSD.ORG> Subject: RE: Remotely Exploitable telnetd bug Message-ID: <002501c1256a$e846ce00$1401a8c0@tedm.placo.com> In-Reply-To: <20010815103807.D47417@sunbay.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>-----Original Message----- >From: Ruslan Ermilov [mailto:ru@FreeBSD.ORG] >Sent: Wednesday, August 15, 2001 12:38 AM >To: Greg Lehey >Cc: Ted Mittelstaedt; Ryan Thompson; William Nunn; >freebsd-questions@FreeBSD.ORG >Subject: Re: Remotely Exploitable telnetd bug >> >POP3 (RFC1725) supports the APOP command, which avoids the transmission >of clear-text passwords over an insecure environment. Also, various >other authentication schemes are supported, see RFC1734 for details. > APOP is not supported by Outlook 98 or earlier or Eudora 4.3 or earlier. It's probably also not supported by most UNIX mail clients either except in the very latest versions. >There are security extensions exist for FTP, see RFC2228 for details. >lukemftpd (currently in contrib/lukemftpd) is going to support these, >AFAIK. > It's going to be many years before even a quarter of the FTP clients in use out there support these. Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002501c1256a$e846ce00$1401a8c0>