Date: Mon, 23 Jul 2001 18:56:17 -0700
From: Kris Kennaway
To: hubs@FreeBSD.org
Cc: security-officer@FreeBSD.org
Subject: [URGENT] Upgrade your telnetd binaries!

Hi all,

I've just portscanned the cvsup*.freebsd.org and noticed that an alarming number of these sites have telnetd open to the world. As you may have heard, there is a remotely exploitable root vulnerability in telnetd, fixed today.

Since this vulnerability is being actively exploited, and as freebsd.org mirror sites you are all prime targets for being attacked, please disable telnetd immediately or fix the vulnerability as described in the advisory:

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc

A successful compromise of one of the FreeBSD mirror sites, even though it won't directly affect the master CVS repository, can still result in handing out compromised code to all of the FreeBSD users who download from your site.

Thanks,
Kris