CIAC INFORMATION BULLETIN

F-12: Kerberos Telnet Encryption Vulnerability

February 21, 1995 1000 PST

PROBLEM:       Encrypted Telnet sessions may be decrypted by an intruder.
PLATFORMS:     MS-DOS, Macintosh, and Unix systems using Telnet clients with Kerberos V4 encryption.
DAMAGE:        Encrypted session contents may be compromised.
SOLUTION:      Obtain patch or upgrade as described below.

VULNERABILITY ASSESSMENT: This vulnerability may disclose sensitive information transmitted via encrypted Telnet sessions. Affected systems should be patched as soon as possible.

Critical Information about the Kerberos Telnet Encryption Vulnerability

A serious vulnerability exists in Telnet clients supporting encrypted sessions using Kerberos V4 authentication. Anyone with the ability to examine network traffic may easily decode an encrypted session. All sites using encrypted Telnet with Kerberos V4 should obtain the appropriate patch or upgrade as described below.

Below is a summary of vendors known to either be vulnerable or not vulnerable. If you have an encrypting Telnet from another vendor, please contact that vendor or CIAC for more information.

   Vendor                                 Status
   ------------------------------------   -----------------
   Berkeley Software Distribution (BSD)   Patch available
   Data General Corporation               Not affected
   FTP Software                           Patch available
   Harris NightHawk System                Not affected
   Hewlett-Packard                        Not affected
   IBM AIX                                Not affected
   National Center for Supercomputer
     Applications (NCSA)                  Upgrade available
   Open Software Foundation               Not affected
   The Santa Cruz Operation (SCO)         Not affected
   Sun Microsystems                       Not affected

Patch Information

Berkeley Software Distribution (BSD)
A patch, along with the latest version of the domestic Telnet sources, is available via anonymous FTP at ftp://net-dist.mit.edu/pub/telnet/. The patch file, telnet.patch, has an MD5 checksum of 65d56befe3d0f1699d38de5509552578.

FTP Software
Sites using an encrypting Telnet from FTP Software's PC/TCP or OnNet packages may call FTP technical support at 1-800-282-4387 and ask for the "tn encrypt patch."

National Center for Supercomputer Applications (NCSA)
NCSA Telnet users should upgrade to version 2.6.1d7 and install the appropriate Kerberos plug-in. These fixes are available via anonymous FTP at ftp.ncsa.uiuc.edu.

Two versions of the Telnet program are available in the directory /Mac/Telnet/Telnet2.6/prerelease/d7/:

The Kerberos plug-ins are found in the directory /Mac/Telnet/Telnet2.6/prerelease/:


CIAC wishes to acknowledge the contributions of the CERT Coordination Center in the construction of this bulletin.

DOE-CIRC can be contacted at:
    Voice:           +1 866-941-2472 (7 x 24)
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov/