From owner-freebsd-questions  Wed Aug 15  2:16:12 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [206.29.169.15])
	by hub.freebsd.org (Postfix) with ESMTP
	id E1B3637B40B; Wed, 15 Aug 2001 02:16:04 -0700 (PDT)
	(envelope-from tedm@toybox.placo.com)
Received: from tedm.placo.com (nat-rtr.freebsd-corp-net-guide.com [206.29.168.154])
	by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id f7F9G3b33161;
	Wed, 15 Aug 2001 02:16:03 -0700 (PDT)
	(envelope-from tedm@toybox.placo.com)
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: "Ruslan Ermilov" <ru@FreeBSD.ORG>,
	"Greg Lehey" <grog@FreeBSD.ORG>
Cc: "Ryan Thompson" <ryan@sasknow.com>,
	"William Nunn" <yorkie123@hotmail.com>,
	<freebsd-questions@FreeBSD.ORG>
Subject: RE: Remotely Exploitable telnetd bug
Date: Wed, 15 Aug 2001 02:16:03 -0700
Message-ID: <002501c1256a$e846ce00$1401a8c0@tedm.placo.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
In-Reply-To: <20010815103807.D47417@sunbay.com>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

>-----Original Message-----
>From: Ruslan Ermilov [mailto:ru@FreeBSD.ORG]
>Sent: Wednesday, August 15, 2001 12:38 AM
>To: Greg Lehey
>Cc: Ted Mittelstaedt; Ryan Thompson; William Nunn;
>freebsd-questions@FreeBSD.ORG
>Subject: Re: Remotely Exploitable telnetd bug

>> 
>POP3 (RFC1725) supports the APOP command, which avoids the transmission
>of clear-text passwords over an insecure environment.  Also, various
>other authentication schemes are supported, see RFC1734 for details.
>

APOP is not supported by Outlook 98 or earlier or Eudora 4.3 or earlier.
It's probably also not supported by most UNIX mail clients either except in
the very latest versions.

>There are security extensions exist for FTP, see RFC2228 for details.
>lukemftpd (currently in contrib/lukemftpd) is going to support these,
>AFAIK.
>

It's going to be many years before even a quarter of the FTP clients in use
out there support these.


Ted Mittelstaedt                                       tedm@toybox.placo.com
Author of:                           The FreeBSD Corporate Networker's Guide
Book website:                          http://www.freebsd-corp-net-guide.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message